
Cannot Run MBAM


JAXsta7


I have just installed the latest version of MBAM (1.46) and I can install it properly, but when I first run the program and start a quick scan, 5 seconds later the program closes. When I try to run the program again I get the message "Windows cannot access the specified device, path or file. You may not have appropriate permissions to access the item."

I am running XP SP3.

I have tried uninstalling and rebooting as well as installing and running in safe mode.

I have attached a picture of the message which I get when I try to run the program.

untitled.bmp

Link to post

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post

Hi,

First remove your copy of ComboFix.exe from the Desktop.

Then download the latest version of ComboFix from: Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to the name provided in the image below:

Cfix_svchost.com.jpg

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
  7. Double click on the renamed version of ComboFix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the ComboFix log which can be found in the root drive (usually the C: Drive) for further review.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you can't run the renamed version of ComboFix as well, then please try running it in Safe Mode. You can reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Link to post

I tried running the renamed version, but it didn't work.

So I tried running it in safe mode. It started running (I heard 2 beeps from my computer) and the license agreement window popped up, but after I clicked yes, nothing happened. I waited for about 10 minutes, and nothing happened.

So I double clicked svchost.com again, but a window telling me I did not have the required installation files popped up, and told me to restart the computer and try again. So I restarted the computer, but ComboFix still didn't work, just like in my previous post. The same thing happens when I try in safe mode now too.

Link to post

Hi,

Please delete your copy of ComboFix (svchost.com) from the Desktop. Then download the latest version of ComboFix here. Rename Combofix.exe to explorer.exe before saving. It is important you rename Combofix during the download, not after.

Double click on the renamed version of ComboFix.exe (explorer.exe) & follow the prompts. When finished, it will produce a report for you. Please post the ComboFix log which can be found in the root drive (usually the C: Drive) for further review.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If the renamed version of ComboFix.exe (explorer.exe) doesn't run as well, then please tell me if you can start any of these:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://oldtimer.geekstogo.com/OTL.scr

http://www.techsupportforum.com/sectools/sUBs/dds

http://download.bleepingcomputer.com/sUBs/dds.scr

http://www.forospyware.com/sUBs/dds

http://images.malwareremoval.com/random/RSIT.exe

Link to post

Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Link to post

The scan was running fine for a while, but about 30 seconds in it suddenly closed.

When I tried re-opening the program, the pop up which was appearing when I tried to run MBAM appeared:

"Windows cannot access the specified device, path or file. etc"

This is sort of the same thing that happens every time I try to run MBAM.

Link to post

Hi,

Let's try working outside Windows. ;)

Follow these first steps on another PC:

First, copy this scan.txt to a USB drive.

Please print these instructions out so that you know what you are doing.

OTLPEStd.exe

Size: 97,697,047b / 93.1Mb

MD5: E29EEBA00CCA665A2F04B8695469D986

  1. Download OTLPEStd.exe to your desktop.
  2. Ensure that you have a blank CD in the drive.
  3. Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD.
  4. Reboot the infected system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here.
  5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads. :D
  6. Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy.
  7. Double-click on the OTLPE icon.
  8. Select the Windows folder of the infected drive if it asks for a location.
  9. When asked "Do you wish to load the remote registry", select Yes.
  10. When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  12. OTL should now start.
  13. Double-click on the Custom Scans/Fixes box and a message box will popup asking if you want to load a custom scan from a file.
    Select Scan.txt on your USB drive.
  14. Press Run Scan to start the scan.
  15. When finished, the file will be saved in drive C:\OTL.txt.
  16. Copy this file to your USB drive if you do not have internet connection on this system.
  17. Right click the file and select send to : select the USB drive.
  18. Confirm that it has copied to the USB drive by selecting it
  19. You can backup any files that you wish from this OS
  20. Please post the contents of the C:\OTL.txt file in your reply.

Link to post
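
The size and MD5 published in the post above can be checked on the clean PC before the file is burned to CD. This is an added example, not part of the original thread or of OTLPE; the function names and result strings are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from pathlib import Path

# Published values, copied as they appear in the post above.
PUBLISHED = """\
OTLPEStd.exe
Size: 97,697,047b / 93.1Mb
MD5: E29EEBA00CCA665A2F04B8695469D986
"""


def parse_published(text):
    """Extract (filename, size_in_bytes, md5_hex) from the forum-style block."""
    name = text.strip().splitlines()[0].strip()
    # Size is written with thousands separators and a trailing "b" for bytes.
    size_m = re.search(r"^Size:\s*([\d,]+)\s*b\b", text, re.M | re.I)
    md5_m = re.search(r"^MD5:\s*([0-9A-Fa-f]{32})\s*$", text, re.M)
    if not size_m or not md5_m:
        raise ValueError("published block lacks a Size or MD5 line")
    size = int(size_m.group(1).replace(",", ""))
    return name, size, md5_m.group(1).lower()


def md5_of(path, chunk_size=1 << 20):
    """Hash the file in 1 MiB chunks so a ~93 MB image is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, expected_size, expected_md5):
    """Return 'ok', 'missing', 'size-mismatch' or 'md5-mismatch'.

    MD5 is the digest the post publishes. It catches a corrupted or
    truncated download; it is not collision-resistant, so a match does
    not authenticate where the file came from.
    """
    p = Path(path)
    if not p.is_file():
        return "missing"
    # Cheap check first: a truncated or padded download fails here
    # without reading the whole file.
    if p.stat().st_size != expected_size:
        return "size-mismatch"
    if not hmac.compare_digest(md5_of(p), expected_md5.lower()):
        return "md5-mismatch"
    return "ok"


if __name__ == "__main__":
    import sys

    name, size, md5 = parse_published(PUBLISHED)
    # Default to the published file name in the current directory.
    target = sys.argv[1] if len(sys.argv) > 1 else name
    print(target, verify_download(target, size, md5))
```

Only a result of `ok` means the downloaded file matches what the post describes; any other result means the file should be downloaded again before burning.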

woot!

I'm so excited something worked! :)

anyways, here are the contents of OTL.txt:

OTL logfile created on: 9/26/2010 12:02:44 AM - Run

OTLPE by OldTimer - Version 3.1.42.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.27 Gb Total Space | 16.25 Gb Free Space | 43.60% Space Free | Partition Type: NTFS

Drive D: | 74.52 Gb Total Space | 26.35 Gb Free Space | 35.36% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 62.47 Mb Total Space | 47.86 Mb Free Space | 76.61% Space Free | Partition Type: FAT

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO

Current User Name: SYSTEM

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/04/04 19:34:29 | 001,029,456 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009/05/18 21:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/08/28 07:40:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2005/11/13 11:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004/04/06 13:12:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2003/09/05 16:20:50 | 000,234,656 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2003/09/05 16:20:48 | 000,218,272 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)

SRV - [2003/09/05 16:20:48 | 000,087,200 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2003/09/05 16:20:46 | 000,255,136 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2003/08/31 13:27:40 | 000,197,896 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2003/05/14 15:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand] -- D:\NTACCESS.sys -- (NTACCESS)

DRV - File not found [Kernel | On_Demand] -- D:\install4\MSICPL.sys -- (MSICPL)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2010/09/23 19:59:29 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\win32k.sys -- ({79007602-0CDB-4405-9DBF-1257BB3226EE})

DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009/11/30 08:04:03 | 000,163,712 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)

DRV - [2009/06/18 02:41:14 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CESG502.SYS -- (PVUSB)

DRV - [2009/06/17 19:33:30 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)

DRV - [2008/12/04 20:18:26 | 000,123,392 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire

DRV - [2008/09/23 20:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2006/12/20 14:25:20 | 000,429,440 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)

DRV - [2006/12/19 21:45:52 | 000,165,376 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2006/12/19 21:45:52 | 000,018,048 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2006/09/05 06:00:54 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58obex.sys -- (se58obex)

DRV - [2006/09/05 06:00:06 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mgmt.sys -- (se58mgmt) Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM)

DRV - [2006/09/05 05:59:18 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mdm.sys -- (se58mdm)

DRV - [2006/09/05 05:59:14 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58mdfl.sys -- (se58mdfl)

DRV - [2006/09/05 05:58:26 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)

DRV - [2006/09/05 05:57:54 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58nd5.sys -- (se58nd5) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS)

DRV - [2006/09/05 05:57:48 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se58unic.sys -- (se58unic) Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM)

DRV - [2005/08/03 23:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/01/06 22:07:40 | 000,286,720 | R--- | M] (NETGEAR, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)

DRV - [2004/10/14 06:24:00 | 000,043,392 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athwpn.sys -- (ATHFMWDL)

DRV - [2004/05/23 23:51:14 | 000,446,020 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HCWBT8xx.sys -- (HCWBT8XX)

DRV - [2004/03/03 04:35:38 | 000,347,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (WLI2USB2G54)

DRV - [2004/01/08 16:32:46 | 000,009,600 | R--- | M] (BUFFALO INC.) [Kernel | System] -- C:\WINDOWS\system32\BUFADPT.SYS -- (BUFADPT)

DRV - [2003/08/31 13:27:24 | 000,263,240 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2003/08/31 13:27:22 | 000,123,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO)

DRV - [2003/08/31 13:27:22 | 000,016,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2003/08/31 13:27:20 | 000,046,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2003/08/31 13:27:18 | 000,164,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2003/08/31 13:27:18 | 000,051,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2003/08/31 13:27:16 | 000,010,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2003/08/15 16:22:12 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2003/07/30 08:01:04 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)

DRV - [2003/03/27 23:53:18 | 000,390,144 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2003/03/19 23:03:54 | 000,010,496 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2003/01/29 03:56:36 | 000,009,248 | R--- | M] (MELCO INC.) [Kernel | On_Demand] -- C:\WINDOWS\system32\ESSIDSET.SYS -- (ESSIDSET)

DRV - [2003/01/12 22:43:56 | 000,030,720 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (sisagp)

DRV - [2002/11/29 07:38:16 | 000,016,320 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2002/11/28 10:18:04 | 000,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2002/08/30 03:06:00 | 000,992,618 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2002/07/10 11:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2001/12/20 21:12:40 | 000,623,665 | R--- | M] (LT) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)

DRV - [2001/08/23 03:33:10 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)

DRV - [2001/08/17 10:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [2001/08/16 23:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

DRV - [2001/07/12 23:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.missim.org/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\charles_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jacqueline_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jacqueline_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\master_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: E:\Program Files\Mozilla Firefox\components

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Easy Read) - {235A3ACD-EBE5-46b2-9BAE-B1960F9DC791} - E:\eRead\eREAD\EasyRead.dll File not found

O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (AddTask Class) - {6A19C29D-ED45-4483-8999-9F939C8161F2} - E:\eRead\eREAD\WebHook.dll File not found

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Web assistant) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O3 - HKU\charles_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\charles_ON_C\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O3 - HKU\Guest_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\jacqueline_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\jacqueline_ON_C\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O3 - HKU\master_ON_C\..\Toolbar\WebBrowser: (Web assistant) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bootSkin Startup Jobs] E:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe File not found

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LogonStudio] E:\Program Files\WinCustomize\LogonStudio\logonstudio.exe File not found

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKU\charles_ON_C..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\nbj.exe (Ahead Software AG)

O4 - HKU\charles_ON_C..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found

O4 - HKU\jacqueline_ON_C..\Run: [iLO_Office_Manager] C:\WINDOWS\System32\intedreg.exe ()

O4 - HKU\jacqueline_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_Plugin.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\jacqueline\Start Menu\Programs\Startup\TPG bitometer.url ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\charles_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]

O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\jacqueline_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]

O7 - HKU\jacqueline_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\master_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) - C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/07/21 20:04:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{37d5ad18-e9b5-11dc-872b-000d6171243a}\Shell - "" = AutoRun

O33 - MountPoints2\{37d5ad18-e9b5-11dc-872b-000d6171243a}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{37d5ad18-e9b5-11dc-872b-000d6171243a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)

Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/23 19:40:39 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/09/22 21:37:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.13.tmp

[2010/09/22 21:03:48 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.12.tmp

[2010/09/22 03:12:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.11.tmp

[2010/09/22 03:01:19 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.10.tmp

[2010/09/22 02:54:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.9.tmp

[2010/09/22 02:53:50 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.8.tmp

[2010/09/22 02:53:43 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.7.tmp

[2010/09/22 02:41:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.6.tmp

[2010/09/22 02:39:59 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.5.tmp

[2010/09/22 02:35:14 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.4.tmp

[2010/09/22 02:31:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.3.tmp

[2010/09/22 02:30:27 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.2.tmp

[2010/09/22 02:29:47 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp

[2010/09/22 02:21:44 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/09/22 01:58:39 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp

[2010/09/21 01:04:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jacqueline\Recent

[2010/09/19 22:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jacqueline\Application Data\Media Player Classic

[2010/09/19 04:57:36 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/09/19 04:57:36 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/09/19 04:57:33 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/09/19 04:57:31 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/09/19 04:57:29 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/09/19 04:57:29 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/09/19 04:57:28 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/09/19 04:57:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/09/19 04:57:02 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/09/19 04:57:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/09/19 04:31:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/09/19 04:31:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/09/19 04:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jacqueline\Application Data\Malwarebytes

[2010/09/19 04:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/11 23:03:04 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.uxtender

[2008/09/14 01:58:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\jacqueline\Application Data\pcouffin.sys

[2008/02/01 20:46:49 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\charles\Application Data\pcouffin.sys

[14 C:\*.tmp files -> C:\*.tmp -> ]

[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/25 08:54:17 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2010/09/25 08:54:17 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2010/09/25 08:54:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/09/25 08:53:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/09/25 08:53:52 | 011,534,336 | -H-- | M] () -- C:\Documents and Settings\jacqueline\NTUSER.DAT

[2010/09/25 08:53:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jacqueline\ntuser.ini

[2010/09/25 08:26:48 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd

[2010/09/25 08:18:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job

[2010/09/25 08:13:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1770027372-1801674531-1004UA.job

[2010/09/25 02:13:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1770027372-1801674531-1004Core.job

[2010/09/24 20:05:04 | 000,575,488 | ---- | M] () -- C:\Documents and Settings\jacqueline\Desktop\OTL.exe

[2010/09/23 20:00:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/09/23 20:00:13 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini

[2010/09/23 19:59:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys

[2010/09/23 18:28:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/09/22 23:14:45 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\jacqueline\Desktop\Google Chrome.lnk

[2010/09/22 23:14:45 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\jacqueline\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/09/22 03:57:34 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\charles\NTUSER.DAT

[2010/09/22 03:57:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\charles\ntuser.ini

[2010/09/22 01:33:42 | 003,848,901 | ---- | M] () -- C:\Documents and Settings\charles\Desktop\ComboFix.exe

[2010/09/21 01:09:47 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\jacqueline\Desktop\CCleaner.lnk

[2010/09/20 23:02:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/09/19 19:35:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/09/19 04:57:30 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/09/19 03:48:09 | 000,000,622 | ---- | M] () -- C:\WINDOWS\SIERRA.INI

[2010/09/18 19:42:09 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\master\NTUSER.DAT

[2010/09/11 22:45:55 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\jacqueline\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/09/07 10:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/09/04 08:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7600#MY39H320P0K2.job

[14 C:\*.tmp files -> C:\*.tmp -> ]

[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/24 20:05:04 | 000,575,488 | ---- | C] () -- C:\Documents and Settings\jacqueline\Desktop\OTL.exe

[2010/09/22 02:34:43 | 003,848,901 | ---- | C] () -- C:\Documents and Settings\charles\Desktop\ComboFix.exe

[2010/07/09 00:46:42 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\jacqueline\Application Data\event.log

[2010/04/15 04:54:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI

[2009/12/31 23:27:35 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS

[2009/12/31 23:27:22 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI

[2009/12/23 17:17:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009/11/30 02:40:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini

[2009/11/30 02:31:01 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys

[2009/11/30 02:24:22 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll

[2009/09/19 05:11:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys

[2009/09/16 08:14:10 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\sol.dll

[2009/07/24 21:15:42 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\master\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/06 03:47:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2008/10/25 07:58:36 | 000,000,073 | ---- | C] () -- C:\WINDOWS\webica.ini

[2008/09/27 00:51:03 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\master\ntuser.ini

[2008/09/27 00:51:01 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\master\NTUSER.DAT

[2008/09/27 00:51:01 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\master\NtUser.dat.LOG

[2008/09/19 08:32:34 | 000,000,269 | ---- | C] () -- C:\Documents and Settings\jacqueline\default.pls

[2008/09/19 02:30:06 | 000,001,636 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008/09/14 01:58:03 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\jacqueline\Application Data\pcouffin.log

[2008/09/14 01:58:02 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\jacqueline\Application Data\inst.exe

[2008/09/14 01:58:02 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\jacqueline\Application Data\pcouffin.cat

[2008/09/14 01:58:02 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\jacqueline\Application Data\pcouffin.inf

[2008/08/19 20:15:05 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\rnplf8.dll

[2008/07/01 01:28:34 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\HcdDll32.dll

[2008/07/01 01:28:34 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\HWDll.dll

[2008/02/01 20:46:56 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\charles\Application Data\pcouffin.log

[2008/02/01 20:46:49 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\charles\Application Data\inst.exe

[2008/02/01 20:46:49 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\charles\Application Data\pcouffin.cat

[2008/02/01 20:46:49 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\charles\Application Data\pcouffin.inf

[2007/05/19 01:38:14 | 000,000,583 | ---- | C] () -- C:\WINDOWS\VAMPIRE.INI

[2006/12/19 21:45:52 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2006/12/19 21:45:52 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2006/09/01 03:42:48 | 000,001,268 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/05/26 09:29:14 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2006/05/09 08:59:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat

[2006/05/09 08:59:42 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

[2006/04/03 08:26:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2006/03/04 22:12:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2006/02/10 07:26:50 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EmperorEdit.INI

[2006/01/13 07:18:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI

[2005/11/27 02:20:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mavis Beacon Teaches Typing.INI

[2005/09/16 03:47:01 | 000,000,076 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI

[2005/05/19 04:19:12 | 000,000,063 | ---- | C] () -- C:\WINDOWS\gkv4Ius.INI

[2005/05/19 04:18:55 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll

[2005/05/19 04:18:55 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI

[2005/02/26 05:52:36 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll

[2005/02/26 05:52:36 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll

[2005/02/20 01:41:59 | 000,002,587 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI

[2005/02/15 05:04:34 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini

[2004/12/24 22:24:26 | 000,000,311 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2004/12/24 22:21:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2004/12/12 06:50:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2004/11/24 02:20:53 | 000,000,622 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2004/11/24 02:18:44 | 000,000,058 | ---- | C] () -- C:\WINDOWS\KA.INI

[2004/11/05 05:39:04 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Guest\ntuser.dat.LOG

[2004/11/05 05:39:04 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Guest\ntuser.ini

[2004/11/05 05:39:03 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Guest\NTUSER.DAT

[2004/10/24 05:13:02 | 000,000,020 | ---- | C] () -- C:\WINDOWS\ADS.INI

[2004/09/21 22:49:32 | 000,001,910 | ---- | C] () -- C:\WINDOWS\disney.ini

[2004/09/20 18:11:52 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2004/09/19 20:42:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI

[2004/08/29 02:53:40 | 000,001,787 | ---- | C] () -- C:\WINDOWS\hegames.ini

[2004/08/28 20:19:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Edmark.ini

[2004/08/28 20:19:44 | 000,000,519 | ---- | C] () -- C:\WINDOWS\pipeline.ini

[2004/08/21 03:08:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/08/12 07:23:32 | 000,209,408 | ---- | C] () -- C:\Documents and Settings\jacqueline\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2004/08/03 03:22:37 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2004/08/01 07:47:52 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\cib1026_.dll

[2004/07/31 05:04:55 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\jacqueline\ntuser.ini

[2004/07/31 05:04:54 | 000,335,872 | -H-- | C] () -- C:\Documents and Settings\jacqueline\ntuser.dat.LOG

[2004/07/31 05:04:53 | 011,534,336 | -H-- | C] () -- C:\Documents and Settings\jacqueline\NTUSER.DAT

[2004/07/21 20:35:23 | 000,033,807 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini

[2004/07/21 20:35:23 | 000,015,958 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini

[2004/07/21 20:33:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll

[2004/07/21 20:11:37 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\charles\ntuser.ini

[2004/07/21 20:11:36 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\charles\NTUSER.DAT

[2004/07/21 20:11:36 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\charles\ntuser.dat.LOG

[2004/07/21 20:09:49 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini

[2004/07/21 20:09:48 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2004/07/21 20:09:48 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2004/07/21 20:09:48 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[2004/07/21 20:09:48 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG

[2004/07/21 20:09:48 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini

[2004/04/20 02:04:00 | 000,041,515 | ---- | C] () -- C:\WINDOWS\UN800001.INI

[2002/03/19 03:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll

[2001/08/23 08:00:00 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll

[1998/10/10 11:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[1756/01/01 12:18:51 | 000,004,263 | -HS- | C] () -- C:\WINDOWS\windllreg1c.sys

========== LOP Check ==========

[2005/11/27 02:23:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\charles\Application Data\Broderbund

[2008/09/01 02:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\Citrix

[2009/04/02 19:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\ClientManager2

[2005/02/28 07:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\Novosoft

[2008/08/15 07:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\Opera

[2009/09/24 08:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\Spacejock Software

[2008/02/13 07:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\Teleca

[2006/07/07 02:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\The Labyrinth Plus! Edition

[2008/05/18 01:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles\Application Data\Vso

[2008/06/09 05:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\AceBIT

[2009/12/27 05:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\AnvSoft

[2006/09/06 04:55:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\jacqueline\Application Data\Broderbund

[2008/08/21 05:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Citrix

[2009/09/21 19:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\CuteReminderEnt

[2010/09/19 03:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\ICAClient

[2010/01/01 00:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\IconTweaker

[2009/11/26 01:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\LimeWire

[2010/03/24 03:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Merscom

[2010/02/15 16:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\MoveFab

[2008/11/21 08:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\NetMedia Providers

[2010/03/10 06:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\nvda

[2010/09/17 05:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Opera

[2009/10/27 06:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\OtakuSoftware

[2008/11/21 08:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Publish Providers

[2008/11/21 08:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Sony

[2009/09/16 08:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Spacejock Software

[2008/02/09 21:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Teleca

[2010/05/27 08:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Texas Instruments

[2004/09/19 20:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\The Labyrinth Plus! Edition

[2010/01/09 22:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Vso

[2007/03/31 21:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Windows Desktop Search

[2009/09/16 08:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\XemiComputers

[2010/05/31 07:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Xilisoft

[2009/07/04 02:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jacqueline\Application Data\Xilisoft Corporation

[2009/11/22 00:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera

[2008/09/27 11:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Citrix

[2009/07/24 20:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Opera

[2009/10/02 02:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Spacejock Software

[2008/09/27 03:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\master\Application Data\Teleca

[2010/09/19 19:35:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2007/02/19 04:10:17 | 000,000,000 | ---- | M] () -- C:\AILog.txt

[2010/07/09 01:48:09 | 000,000,369 | ---- | M] () -- C:\ashampoo-acdw-log.txt

[2004/07/21 20:04:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2006/05/30 05:32:39 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2004/07/21 20:04:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2006/05/08 08:09:04 | 000,000,025 | ---- | M] () -- C:\csb.log

[2005/11/27 01:25:45 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns

[2005/11/27 01:25:45 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns

[2004/12/11 03:17:47 | 000,000,034 | ---- | M] () -- C:\hcwclear.txt

[2010/09/09 06:16:40 | 000,004,854 | ---- | M] () -- C:\hpcmerr.log

[2007/03/08 02:57:23 | 000,000,067 | ---- | M] () -- C:\inferno.log

[2004/07/21 20:04:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2005/10/15 00:26:01 | 000,000,295 | -H-- | M] () -- C:\IPH.PH

[2004/10/24 05:12:27 | 000,000,032 | ---- | M] () -- C:\midasin.txt

[2004/07/21 20:04:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2006/05/07 11:05:41 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/09/14 02:24:01 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2004/02/29 11:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp

[2010/09/23 19:59:22 | 352,321,536 | -HS- | M] () -- C:\pagefile.sys

[2009/03/08 02:14:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm

[2009/03/08 02:14:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2009/10/01 09:32:21 | 000,000,109 | ---- | M] () -- C:\temp.m3u

[14 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >

[2006/04/18 01:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/06/29 00:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 01:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/06/29 00:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2004/07/21 20:04:06 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2003/06/18 03:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

[2006/10/26 05:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

Invalid Environment Variable: %APPDATA%\Adobe\Update\*.*

Invalid Environment Variable: %ALLUSERSPROFILE%\Favorites\*.*

Invalid Environment Variable: %APPDATA%\Microsoft\*.*

< %PROGRAMFILES%\*.* >

Invalid Environment Variable: %APPDATA%\Update\*.*

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

< %systemroot%\System32\config\*.sav >

[2004/07/22 05:33:14 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2004/07/22 05:33:14 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2004/07/22 05:33:14 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

Invalid Environment Variable: %ALLUSERSPROFILE%\Start Menu\*.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

Invalid Environment Variable: %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk

Invalid Environment Variable: %USERPROFILE%\Desktop\*.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

Invalid Environment Variable: %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

Invalid Environment Variable: %USERPROFILE%\My Documents\*.exe

Invalid Environment Variable: %USERPROFILE%\*.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

Invalid Environment Variable: %USERPROFILE%\Favorites\*.url

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

Invalid Environment Variable: %ALLUSERSPROFILE%\*.dat

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

Invalid Environment Variable: %USERPROFILE%\Cookies\*.txt

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

[2008/04/13 20:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

Invalid Environment Variable: %AppData%\Microsoft\Installer\msupdates\*.*

< %ProgramFiles%\Messenger\*.exe >

[2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

[2001/08/01 07:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

[2003/07/30 08:01:04 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE

Invalid Environment Variable: %USERPROFILE%\Templates\*.tmp

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

Invalid Environment Variable: %Windir%\Installer\*.tmp

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

[2003/07/30 08:01:04 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE

Invalid Environment Variable: %AppData%\Macromedia\Common\*.*

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

[2010/01/10 03:53:32 | 000,258,735 | ---- | M] () -- C:\WINDOWS\Logs\DirectX.log

[2009/09/13 04:05:17 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Logs\DXError.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

Invalid Environment Variable: %AppData%\Adobe\dlluplwin25\*.*

Invalid Environment Variable: %UserProfile%\*.dat

Invalid Environment Variable: %UserProfile%\*.dll

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

Invalid Environment Variable: %appdata%\Microsoft\Windows\*.*

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

Invalid Environment Variable: %AppData%\Microsoft\CD Burning\*.*

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

[2003/08/11 02:43:14 | 000,245,760 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg09.exe

[2003/08/11 02:43:14 | 000,643,072 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng09.exe

[2003/08/11 02:43:14 | 000,335,872 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre09.exe

[2003/08/11 02:43:14 | 000,376,832 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc09.exe

[2003/08/11 02:43:14 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw09.exe

[2003/08/11 02:43:14 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu09.exe

[2003/08/11 02:43:14 | 000,442,368 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx09.exe

[2003/05/07 15:56:22 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

Invalid Environment Variable: %USERPROFILE%\.COMMgr\*.*

Invalid Environment Variable: %USERPROFILE%\Desktop\*.bat

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-13 07:18:53

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\$hf_mig$\KB911280\KB911280] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB913580\KB913580] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB914389\KB914389] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB915865\KB915865] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB916595\KB916595] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB920683\KB920683] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB923694\KB923694] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB924496\KB924496] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB925486\KB925486] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB926255\KB926255] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB956744\KB956744] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB956844\KB956844] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB960859\KB960859] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB968389\KB968389] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB969059\KB969059] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB969947\KB969947] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB971486\KB971486] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB971557\KB971557] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB971657\KB971657] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB971961\KB971961] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB972260-IE7\KB972260-IE7] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB973354\KB973354] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB973507\KB973507] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB973525\KB973525] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB973815\KB973815] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB973869\KB973869] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB974112\KB974112] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB974318\KB974318] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB974392\KB974392] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB974455-IE7\KB974455-IE7] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB974571\KB974571] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB975025\KB975025] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB975467\KB975467] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB975560\KB975560] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB975713\KB975713] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB977816\KB977816] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB977914\KB977914] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB978037\KB978037] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB978338\KB978338] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB978542\KB978542] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB978601\KB978601] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB978706\KB978706] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB979309\KB979309] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB980182-IE7\KB980182-IE7] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\$hf_mig$\KB981349\KB981349] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\addins\addins] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP87.tmp\ZAP87.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP94.tmp\ZAP94.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP95.tmp\ZAP95.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA3D.tmp\ZAPA3D.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADC.tmp\ZAPADC.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCF2.tmp\ZAPCF2.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD92.tmp\ZAPD92.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE74.tmp\ZAPE74.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE9F.tmp\ZAPE9F.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\assembly\temp\temp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\assembly\tmp\tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\BBSTORE\DSS\DSS] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Config\Config] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Connection Wizard\Connection Wizard] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\CSC\d1\d1] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\CSC\d2\d2] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\CSC\d3\d3] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\CSC\d4\d4] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\CSC\d5\d5] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\CSC\d6\d6] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\CSC\d7\d7] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\CSC\d8\d8] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Debug\UserMode\UserMode] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\ime\imejp\applets\applets] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\ime\imejp98\imejp98] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\java\classes\classes] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\java\trustlib\trustlib] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\MACROMED\XTRAS\XTRAS] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Minidump\Minidump] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\msapps\msinfo\msinfo] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\msdownld.tmp\msdownld.tmp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\mui\mui] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Options\CABS\CABS] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Options\Install\Install] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\ERRORREP\UserDumps\UserDumps] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\System\News\News] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\PIF\PIF] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\security\logs\logs] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SiSInf\SiSInf] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\035cdeeef9eaa07de20138b420444b17\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\07fc28da31fb67510471389f08fbbe93\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\8491ee05516f59ee111b2aff35cdcfe1\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\solcache\solcache] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Temp\_avast4_\_avast4_] -> \Device\__max++>\^ -> Mount Point

[C:\WINDOWS\Temp\_avast5_\_avast5_] -> \Device\__max++>\^ -> Mount Point

< End of report >


Hi,

Copy the attached Fix.txt to a USB

Start OTLPE as you did previously from CD

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After that, please first delete all ComboFix files from the Desktop (renamed ComboFix files as well).

Then download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

fix.txt


Hi,

Download and run Win32kDiag:

  1. Download Win32kDiag from any of the following locations and save it to your Desktop.
  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

First delete all your copies of OTL from the desktop.

Then download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    /md5stop
    %systemroot%\*. /mp /s

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


So win32kdiag.exe was running fine for a while, but it seems to freeze at a certain point. I waited about 10 minutes, but it did not continue. I have attached a screenshot of where it stops.

OTL.exe still does not work. It runs for a little while but then closes itself and shows the "cannot access the specified device, path or file" popup again.

Below are the contents of the incomplete Win32kDiag.txt

Running from: C:\Documents and Settings\jacqueline\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\jacqueline\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB911280\KB911280

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB913580\KB913580

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB914389\KB914389

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB916595\KB916595

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920683\KB920683

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB923694\KB923694

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925486\KB925486

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB926255\KB926255

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB956744\KB956744

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB960859\KB960859

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB969059\KB969059

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB969947\KB969947

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971486\KB971486

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971557\KB971557

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971961\KB971961

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB972260-IE7\KB972260-IE7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB973354\KB973354

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB973507\KB973507

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB973525\KB973525

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB973815\KB973815

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB973869\KB973869

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB974112\KB974112

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB974318\KB974318

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB974392\KB974392

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB974455-IE7\KB974455-IE7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB974571\KB974571

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB975025\KB975025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB975467\KB975467

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB975560\KB975560

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB975713\KB975713

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB977816\KB977816

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB977914\KB977914

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB978037\KB978037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB978338\KB978338

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB978542\KB978542

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB978601\KB978601

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB978706\KB978706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB979309\KB979309

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB980182-IE7\KB980182-IE7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB981349\KB981349

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP87.tmp\ZAP87.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP94.tmp\ZAP94.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP95.tmp\ZAP95.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA3D.tmp\ZAPA3D.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADC.tmp\ZAPADC.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCF2.tmp\ZAPCF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD92.tmp\ZAPD92.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE74.tmp\ZAPE74.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE9F.tmp\ZAPE9F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\BBSTORE\DSS\DSS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0


Cannot access: C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe


Win32kDiag.bmp


Hi,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *eventlog*
    *scecli*
    *netlogon*
    *cngaudit*
    *sceclt*
    *ntelogon*
    *logevent*

    :file
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll


  • Click the Look button to start the scan. The scan might take some time, so please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook.txt

SystemLook 04.09.10 by jpshortstuff

Log created at 23:30 on 26/09/2010 by jacqueline

Administrator - Elevation successful

========== filefind ==========

Searching for "*eventlog*"

C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c- 55808 bytes [06:17 14/09/2008] [14:56 03/08/2004] 82B24CB70E5944E6E34662205A2A5B78

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll --a---- 798720 bytes [00:16 21/02/2003] [00:16 21/02/2003] 44CF87619DFFB796AC1C511D6CE61637

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll --a---- 798224 bytes [01:17 25/07/2008] [01:17 25/07/2008] 920A18F137A10805C12E89E31F349D38

C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------- 56320 bytes [15:15 07/05/2006] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

C:\WINDOWS\ServicePackFiles\i386\eventlogmessages.dll ------- 798720 bytes [08:54 19/07/2004] [08:54 19/07/2004] DE90CCA35AC8A770FBC4900C5B7BECFB

C:\WINDOWS\system32\eventlog.dll --a---- 61952 bytes [12:00 23/08/2001] [00:11 14/04/2008] (Unable to calculate MD5)

Searching for "*scecli*"

C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c- 180224 bytes [06:16 14/09/2008] [14:56 03/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A

C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------- 181248 bytes [15:16 07/05/2006] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

C:\WINDOWS\system32\scecli.dll --a---- 181248 bytes [12:00 23/08/2001] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "*netlogon*"

C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c- 407040 bytes [06:17 14/09/2008] [14:56 03/08/2004] 96353FCECBA774BB8DA74A1C6507015A

C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------- 407040 bytes [15:14 07/05/2006] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

C:\WINDOWS\system32\netlogon.dll --a---- 407040 bytes [12:00 23/08/2001] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "*cngaudit*"

No files found.

Searching for "*sceclt*"

No files found.

Searching for "*ntelogon*"

No files found.

Searching for "*logevent*"

C:\WINDOWS\system32\logevent.dll --a---- 56320 bytes [12:00 23/08/2001] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

========== file ==========

C:\WINDOWS\system32\eventlog.dll - Unable to find/read file.

C:\WINDOWS\system32\scecli.dll - File found and opened.

MD5: A86BB5E61BF3E39B62AB4C7E7085A084

Created at 12:00 on 23/08/2001

Modified at 00:12 on 14/04/2008

Size: 181248 bytes

Attributes: --a----

FileDescription: Windows Security Configuration Editor Client Engine

FileVersion: 5.1.2600.5512 (xpsp.080413-2113)

ProductVersion: 5.1.2600.5512

OriginalFilename: scecli

InternalName: scecli

ProductName: Microsoft


Hi,

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. Please download The Avenger by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After that, please delete all your copies of ComboFix from the desktop (renamed versions as well).

Then download the latest version of ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


combofix finally worked!

YAY! :)

win32kdiag.txt

Running from: C:\Documents and Settings\jacqueline\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\jacqueline\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...


Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\MACROMED\XTRAS\XTRAS

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\Options\CABS\CABS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Options\CABS\CABS

Found mount point : C:\WINDOWS\Options\Install\Install

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Options\Install\Install

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\ERRORREP\UserDumps\UserDumps

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\News\News

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\SiSInf\SiSInf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SiSInf\SiSInf

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\035cdeeef9eaa07de20138b420444b17\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\035cdeeef9eaa07de20138b420444b17\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07fc28da31fb67510471389f08fbbe93\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\07fc28da31fb67510471389f08fbbe93\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\22f1a1e628f2ceada1948d2c604b5154\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8491ee05516f59ee111b2aff35cdcfe1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\8491ee05516f59ee111b2aff35cdcfe1\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b29e2a9f14df0d88f5323f96793e432b\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe

Found mount point : C:\WINDOWS\solcache\solcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\solcache\solcache

Cannot access: C:\WINDOWS\system32\dumprep.exe

Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 00:56:44 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 10:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 10:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 10:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe

Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

Attempting to restore permissions of : C:\WINDOWS\system32\wbem\wmiprvse.exe

Found mount point : C:\WINDOWS\Temp\_avast5_\_avast5_

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\_avast5_\_avast5_

Finished!

Avenger.txt

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

ComboFix.txt

ComboFix 10-09-25.07 - jacqueline 27/09/2010 9:51.1.1 - x86

Running from: c:\documents and settings\jacqueline\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\charles\Application Data\inst.exe

c:\documents and settings\jacqueline\Application Data\inst.exe

c:\windows\system\QTIM32.DLL

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2010-08-27 to 2010-09-27 )))))))))))))))))))))))))))))))

.

2010-09-26 13:46 . 2010-09-22 22:44 553472 ----a-r- C:\OTLPE.exe

2010-09-26 13:45 . 2010-09-26 13:45 -------- d-----w- C:\_OTL

2010-09-26 00:19 . 2010-09-26 00:19 -------- d-----w- c:\program files\Common Files\Java

2010-09-26 00:18 . 2010-07-16 19:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-25 23:48 . 2010-09-25 23:48 0 ----a-w- c:\windows\win32k.sys

2010-09-20 02:16 . 2010-09-21 05:02 -------- d-----w- c:\documents and settings\jacqueline\Application Data\Media Player Classic

2010-09-19 08:57 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-19 08:57 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-19 08:57 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-19 08:57 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-19 08:57 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-19 08:57 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-19 08:57 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-09-19 08:57 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-09-19 08:57 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-19 08:31 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-19 08:31 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-19 08:26 . 2010-09-19 08:26 -------- d-----w- c:\documents and settings\jacqueline\Application Data\Malwarebytes

2010-09-19 08:25 . 2010-09-22 05:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-19 08:25 . 2010-09-19 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-18 23:42 . 2010-09-19 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-26 00:18 . 2009-11-13 06:31 -------- d-----w- c:\program files\Java

2010-09-21 05:09 . 2008-08-20 00:58 -------- d-----w- c:\program files\CCleaner

2010-09-19 08:58 . 2008-03-04 06:36 -------- d-----w- c:\documents and settings\jacqueline\Application Data\U3

2010-09-19 08:57 . 2004-07-22 00:41 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-09-19 07:54 . 2010-01-01 04:50 -------- d-----w- c:\program files\Yahoo!

2010-09-19 07:54 . 2008-08-16 07:12 -------- d-----w- c:\program files\UltimateZip 2.7

2010-09-19 07:49 . 2008-08-20 01:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-19 07:48 . 2004-07-22 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-19 07:46 . 2008-08-20 07:03 -------- d-----w- c:\documents and settings\jacqueline\Application Data\ICAClient

2010-09-18 23:44 . 2008-08-15 07:03 -------- d-----w- c:\program files\Alwil Software

2010-09-12 03:03 . 2001-08-23 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll

2010-09-12 02:45 . 2008-08-15 11:41 -------- d-----w- c:\program files\Opera

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll

1756-01-01 16:18 . 1756-01-01 16:18 4263 -csh--w- c:\windows\windllreg1c.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ILO_Office_Manager"="IntEdReg.exe" [2002-10-14 53760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-09-05 70816]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-04-06 135224]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]

"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 212992]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-04-04 524632]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"LogonStudio"="e:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]

"BootSkin Startup Jobs"="e:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\jacqueline\Start Menu\Programs\Startup\

TPG bitometer.url [2010-6-10 206]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^jacqueline^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\jacqueline\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^jacqueline^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\documents and settings\jacqueline\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^jacqueline^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\jacqueline\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

2002-11-02 06:33 45056 ------w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-10-04 06:33 133104 ----atw- c:\documents and settings\jacqueline\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-28 10:21 141600 ----a-w- e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-04 15:54 417792 ----a-w- c:\program files\Ringz Studio\Storm Codec\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2007-03-27 15:07 593920 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 06:07 2260480 --sha-r- e:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSkin]

2009-05-08 09:18 417792 ----a-w- e:\customize\Themes\Vista_On_XP_Part_4\border-skin---aero-glass-on-xp-crystalxp.net-en-17835\Border Skin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"e:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;c:\windows\system32\Drivers\athwpn.sys [2004-10-14 43392]

R3 ESSIDSET;ESSIDSET;c:\windows\system32\ESSIDSET.SYS [2003-01-29 9248]

R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2004-05-24 446020]

R3 PVUSB;CESG502 USB Driver;c:\windows\system32\DRIVERS\CESG502.sys [2009-06-18 40672]

R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]

R3 USBTINSP;TI-Nspire Handheld Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2008-12-05 123392]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2005-01-07 286720]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-17 64160]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-04 1029456]

S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]

S3 WLI2USB2G54;BUFFALO WLI2-USB2-G54 Wireless LAN Driver;c:\windows\system32\DRIVERS\PRISMA02.sys [2004-03-03 347424]

.

Contents of the 'Scheduled Tasks' folder

2010-09-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:34]

2010-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1770027372-1801674531-1004Core.job

- c:\documents and settings\jacqueline\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-04 06:33]

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1770027372-1801674531-1004UA.job

- c:\documents and settings\jacqueline\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-04 06:33]

2010-09-04 c:\windows\Tasks\HP DArC Task 2003-04-08 07:12ewlett-Packard76002003-04-08 02:45Y39H320P0K2.job

- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 02:45]

2010-09-27 c:\windows\Tasks\HP Usg Daily.job

- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2006-04-04 03:03]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.missim.org/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {464F03E0-C363-4525-8BCF-88421029BA6F} = 203.12.160.35

TCP: {6E3D2AFB-FE9D-41C4-AABE-4644F460F68C} = 203.12.160.35,203.12.160.36

TCP: {CA81BAD8-5469-4E84-A3B9-56E08079012B} = 203.12.160.35

FF - ProfilePath - c:\documents and settings\jacqueline\Application Data\Mozilla\Firefox\Profiles\iniln4ne.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: network.proxy.type - 2

FF - component: c:\documents and settings\jacqueline\Application Data\Mozilla\Firefox\Profiles\iniln4ne.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\documents and settings\jacqueline\Application Data\Mozilla\Firefox\Profiles\iniln4ne.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: e:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ISTray - e:\program files\Spyware Doctor\pctsTray.exe

MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe

MSConfigStartUp-POINTER - point32.exe

MSConfigStartUp-StormCodec_Helper - e:\program files\Ringz Studio\Storm Codec\StormSet.exe

AddRemove-HyperCD - c:\hypercd\Uninst.isu

AddRemove-{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA} - c:\documents and settings\jacqueline\Local Settings\Application Data\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}\setup_blazemp.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-27 10:06

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-1770027372-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

@="OLE (Part 1 of 5)"

[HKEY_USERS\S-1-5-21-1606980848-1770027372-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EE33BD01-AE07-7CDD-AEA5-A02E05E693D5}*]

"pahmecnmogmijbnimenifmmajebodijg"=hex:6b,61,62,63,6a,63,6a,62,70,6d,6b,62,61,

6b,6a,67,63,64,6d,6f,66,6b,00,7e

"abnlcbaeffkbkimlaiigfldeeabcjhacob"=hex:6b,61,62,63,6a,63,6a,62,70,6d,6b,62,

61,6b,6a,67,63,64,6d,6f,66,6b,00,7e

[HKEY_USERS\S-1-5-21-1606980848-1770027372-1801674531-1004\


Hi,

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes

    :Services

    :Reg

    :Files
    ipconfig /flushdns /c
    c:\windows\win32k.sys

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


So, everything seems to be working fine now! :)

MBAM works fine now.

The ESET scan showed no infections, so I do not have a txt file for that.

I have attached the final screen from the ESET scan.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4706

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

28/09/2010 9:44:39 AM

mbam-log-2010-09-28 (09-44-39).txt

Scan type: Quick scan

Objects scanned: 173909

Time elapsed: 16 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.missim.org/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\All Users\Application Data\1921778036 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\All Users\Application Data\1921778036\config.udb (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\1921778036\init.udb (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\1921778036\Langs.udb (Rogue.Multiple) -> Quarantined and deleted successfully.

THANK YOU SO MUCH FOR YOUR HELP!!!

ESETscan.bmp


Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :)

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times; don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common ways to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :)


This topic is now closed to further replies.