Can't open Spybot Or HijackThis



neonfire999
2009-09-12, 00:39
When I try to run Spybot it comes up with a message that says "C:\Program Files\Spybot - Search & Destroy" and below, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I tried re-installing and it ran and let me start a scan and it ran for like a minute and then closed and replied with the same message. So I installed HijackThis so I could get a logfile and stuff for help on this forum, and I started a scan and it ran for a minute and then closed and now it replies with the same message as Spybot when I try to open it. What do I do? Thanks.

Shaba
2009-09-14, 20:13
Hi neonfire999

Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

neonfire999
2009-09-17, 01:07
I ran the program and this is what it came up with,

Running from: C:\Documents and Settings\Ben\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Ben\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB958215\KB958215

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB960714\KB960714

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\$NtServicePackUninstallIDNMitigationAPIs$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\$NtServicePackUninstallNLSDownlevelMapping$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB898461$\$NtUninstallKB898461$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB936782_WMP11$\$NtUninstallKB936782_WMP11$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB938464$\$NtUninstallKB938464$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB939683$\$NtUninstallKB939683$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB941569$\$NtUninstallKB941569$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB943729$\$NtUninstallKB943729$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB951376-v2$\$NtUninstallKB951376-v2$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB954154_WM11$\$NtUninstallKB954154_WM11$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB954211$\$NtUninstallKB954211$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB954600$\$NtUninstallKB954600$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB955839$\$NtUninstallKB955839$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB958687$\$NtUninstallKB958687$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallMSCompPackV1$\$NtUninstallMSCompPackV1$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallWudf01000$\$NtUninstallWudf01000$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP413.tmp\ZAP413.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43B.tmp\ZAP43B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44C.tmp\ZAP44C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

[1] 2008-04-14 08:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()

[1] 2008-04-14 08:00:00 744448 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\Webbuy

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1935655697-1682526488-1644491937-1003\S-1-5-21-1935655697-1682526488-1644491937-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1935655697-1682526488-1644491937-1005\S-1-5-21-1935655697-1682526488-1644491937-1005

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-14 08:00:00 56320 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 08:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 08:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis71a24e2\gis71a24e2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mgxgroups\mgxgroups

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mgxlicense\mgxlicense

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e

Mount point destination : \Device\__max++>\^



Finished!

Shaba
2009-09-17, 07:03
Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

neonfire999
2009-09-18, 00:12
OK, I already had that file from doing the thing before, so I just did the Start-Run thing and pasted the text and the program ran and this is what I got,

Running from: C:\Documents and Settings\Ben\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Ben\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Found mount point : C:\WINDOWS\$hf_mig$\KB958215\KB958215

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB958215\KB958215

Found mount point : C:\WINDOWS\$hf_mig$\KB960714\KB960714

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB960714\KB960714

Found mount point : C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\$NtServicePackUninstallIDNMitigationAPIs$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\$NtServicePackUninstallIDNMitigationAPIs$

Found mount point : C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\$NtServicePackUninstallNLSDownlevelMapping$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\$NtServicePackUninstallNLSDownlevelMapping$

Found mount point : C:\WINDOWS\$NtUninstallKB898461$\$NtUninstallKB898461$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB898461$\$NtUninstallKB898461$

Found mount point : C:\WINDOWS\$NtUninstallKB936782_WMP11$\$NtUninstallKB936782_WMP11$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB936782_WMP11$\$NtUninstallKB936782_WMP11$

Found mount point : C:\WINDOWS\$NtUninstallKB938464$\$NtUninstallKB938464$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB938464$\$NtUninstallKB938464$

Found mount point : C:\WINDOWS\$NtUninstallKB939683$\$NtUninstallKB939683$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB939683$\$NtUninstallKB939683$

Found mount point : C:\WINDOWS\$NtUninstallKB941569$\$NtUninstallKB941569$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB941569$\$NtUninstallKB941569$

Found mount point : C:\WINDOWS\$NtUninstallKB943729$\$NtUninstallKB943729$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB943729$\$NtUninstallKB943729$

Found mount point : C:\WINDOWS\$NtUninstallKB951376-v2$\$NtUninstallKB951376-v2$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB951376-v2$\$NtUninstallKB951376-v2$

Found mount point : C:\WINDOWS\$NtUninstallKB954154_WM11$\$NtUninstallKB954154_WM11$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB954154_WM11$\$NtUninstallKB954154_WM11$

Found mount point : C:\WINDOWS\$NtUninstallKB954211$\$NtUninstallKB954211$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB954211$\$NtUninstallKB954211$

Found mount point : C:\WINDOWS\$NtUninstallKB954600$\$NtUninstallKB954600$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB954600$\$NtUninstallKB954600$

Found mount point : C:\WINDOWS\$NtUninstallKB955839$\$NtUninstallKB955839$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB955839$\$NtUninstallKB955839$

Found mount point : C:\WINDOWS\$NtUninstallKB958687$\$NtUninstallKB958687$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallKB958687$\$NtUninstallKB958687$

Found mount point : C:\WINDOWS\$NtUninstallMSCompPackV1$\$NtUninstallMSCompPackV1$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallMSCompPackV1$\$NtUninstallMSCompPackV1$

Found mount point : C:\WINDOWS\$NtUninstallWudf01000$\$NtUninstallWudf01000$

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$NtUninstallWudf01000$\$NtUninstallWudf01000$

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP413.tmp\ZAP413.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP413.tmp\ZAP413.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43B.tmp\ZAP43B.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43B.tmp\ZAP43B.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44C.tmp\ZAP44C.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44C.tmp\ZAP44C.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Minidump\Minidump

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\Webbuy

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\Webbuy

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Adobe\update\update

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1935655697-1682526488-1644491937-1003\S-1-5-21-1935655697-1682526488-1644491937-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1935655697-1682526488-1644491937-1003\S-1-5-21-1935655697-1682526488-1644491937-1003

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1935655697-1682526488-1644491937-1005\S-1-5-21-1935655697-1682526488-1644491937-1005

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1935655697-1682526488-1644491937-1005\S-1-5-21-1935655697-1682526488-1644491937-1005

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-14 08:00:00 56320 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 08:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 08:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\DriverFiles

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\DriverFiles

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\Temp\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\Cookies\Cookies

Found mount point : C:\WINDOWS\Temp\gis71a24e2\gis71a24e2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis71a24e2\gis71a24e2

Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Found mount point : C:\WINDOWS\Temp\mgxgroups\mgxgroups

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mgxgroups\mgxgroups

Found mount point : C:\WINDOWS\Temp\mgxlicense\mgxlicense

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mgxlicense\mgxlicense

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e



Finished!

Shaba
2009-09-18, 07:02
Good :)

Please now run win32kdiag.exe in the normal way and post back a fresh log.

neonfire999
2009-09-19, 06:44
ok here you go,

Running from: C:\Documents and Settings\Ben\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Ben\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB958215\KB958215

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB960714\KB960714

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\$NtServicePackUninstallIDNMitigationAPIs$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\$NtServicePackUninstallNLSDownlevelMapping$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB898461$\$NtUninstallKB898461$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB936782_WMP11$\$NtUninstallKB936782_WMP11$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB938464$\$NtUninstallKB938464$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB939683$\$NtUninstallKB939683$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB941569$\$NtUninstallKB941569$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB943729$\$NtUninstallKB943729$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB951376-v2$\$NtUninstallKB951376-v2$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB954154_WM11$\$NtUninstallKB954154_WM11$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB954211$\$NtUninstallKB954211$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB954600$\$NtUninstallKB954600$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB955839$\$NtUninstallKB955839$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallKB958687$\$NtUninstallKB958687$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallMSCompPackV1$\$NtUninstallMSCompPackV1$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$NtUninstallWudf01000$\$NtUninstallWudf01000$

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP413.tmp\ZAP413.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43B.tmp\ZAP43B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44C.tmp\ZAP44C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

[1] 2008-04-14 08:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()

[1] 2008-04-14 08:00:00 744448 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\Webbuy

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1935655697-1682526488-1644491937-1003\S-1-5-21-1935655697-1682526488-1644491937-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1935655697-1682526488-1644491937-1005\S-1-5-21-1935655697-1682526488-1644491937-1005

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-14 08:00:00 56320 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 08:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 08:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis71a24e2\gis71a24e2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mgxgroups\mgxgroups

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mgxlicense\mgxlicense

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e

Mount point destination : \Device\__max++>\^



Finished!

Shaba
2009-09-19, 10:49
So it didn't work.

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

neonfire999
2009-09-20, 01:05
OK, I downloaded ComboFix and ran it, and it needed to reboot Windows the first time it ran, so I didn't get the log, but then I ran it again and got the log. I have stated before that I cannot open HijackThis, and I just tried after I ran ComboFix and it still didn't work. Here is the log from ComboFix:

ComboFix 09-09-18.02 - Ben 09/19/2009 16:54.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.307 [GMT -4:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Abi\Application Data\FunWebProducts
c:\documents and settings\Abi\Application Data\FunWebProducts\Data\Abi\avatar.dat
c:\documents and settings\Abi\Application Data\FunWebProducts\Data\Abi\outfit.dat
c:\documents and settings\Abi\Application Data\FunWebProducts\Data\Abi\register.dat
c:\documents and settings\Abi\Application Data\FunWebProducts\Data\Abi\zbucks.dat
c:\documents and settings\Abi\Application Data\FunWebProducts\Data\Abi\zevents.dat
c:\program files\Microsoft Common
c:\program files\Uninstall Fun Web Products.dll
c:\windows\upuhapaximi.dll

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\eventlog.dll

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\eventlog.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-19 to 2009-09-19 )))))))))))))))))))))))))))))))
.

2009-09-18 02:12 . 2009-09-19 17:38 -------- d-----w- c:\documents and settings\Laura\Application Data\LimeWire
2009-09-18 02:12 . 2009-09-18 03:04 -------- d-----w- c:\documents and settings\Laura\.limewire
2009-09-14 01:03 . 2009-09-14 01:03 -------- d-----w- C:\iTunes Media
2009-09-12 18:59 . 2009-09-12 18:59 -------- d-----w- c:\program files\WinDirStat
2009-09-12 00:59 . 2009-09-12 00:59 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-12 00:56 . 2009-09-12 00:56 -------- d-----w- c:\program files\iPod
2009-09-12 00:55 . 2009-09-12 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 21:22 . 2009-09-11 21:22 -------- d-----w- c:\program files\Trend Micro
2009-09-11 21:16 . 2009-09-11 21:16 -------- d-----w- c:\program files\ERUNT
2009-09-01 22:51 . 2009-09-01 22:51 -------- d-----w- c:\program files\Sims2Programs.com
2009-09-01 21:59 . 2009-09-12 13:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-01 04:11 . 2009-09-01 04:11 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-01 04:02 . 2009-09-01 03:57 151552 ----a-w- c:\windows\system32\nvRegDev.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 20:39 . 2009-01-18 00:29 73352 ----a-w- c:\documents and settings\Ben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 19:50 . 2009-01-19 20:17 -------- d-----w- c:\documents and settings\Ben\Application Data\uTorrent
2009-09-19 19:43 . 2009-06-15 14:21 -------- d-----w- c:\program files\Microsoft Games
2009-09-18 22:54 . 2009-01-26 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-18 20:31 . 2009-03-06 19:37 -------- d-----w- c:\documents and settings\Dave\Application Data\vlc
2009-09-18 02:46 . 2009-01-31 16:18 -------- d-----w- c:\documents and settings\Laura\Application Data\Apple Computer
2009-09-17 02:16 . 2009-05-27 19:14 256 ----a-w- c:\windows\system32\pool.bin
2009-09-16 22:11 . 2009-08-17 03:09 -------- d-----w- c:\program files\EA GAMES
2009-09-16 02:06 . 2009-01-19 21:43 -------- d-----w- c:\documents and settings\Abi\Application Data\LimeWire
2009-09-16 02:05 . 2009-02-07 16:48 -------- d-----w- c:\documents and settings\Abi\Application Data\vlc
2009-09-15 23:52 . 2009-01-21 22:08 -------- d-----w- c:\documents and settings\Abi\Application Data\Apple Computer
2009-09-14 19:49 . 2009-02-01 19:45 -------- d-----w- c:\program files\Simply Accounting Pro 2009
2009-09-12 19:31 . 2009-08-06 01:18 -------- d-----w- c:\documents and settings\Ben\Application Data\vlc
2009-09-12 03:31 . 2009-01-25 00:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-12 01:42 . 2009-01-18 00:44 -------- d-----w- c:\documents and settings\Ben\Application Data\Apple Computer
2009-09-12 00:57 . 2009-01-18 00:43 -------- d-----w- c:\program files\iTunes
2009-09-12 00:56 . 2009-01-18 00:42 -------- d-----w- c:\program files\Common Files\Apple
2009-09-12 00:51 . 2009-01-18 00:43 -------- d-----w- c:\program files\QuickTime
2009-09-11 21:23 . 2009-03-01 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-09 22:31 . 2009-01-24 17:09 -------- d-----w- c:\program files\Google
2009-09-08 23:13 . 2009-01-25 01:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-01 12:29 . 2009-01-16 02:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-01 12:29 . 2009-01-16 02:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-01 12:29 . 2009-01-16 02:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-01 04:10 . 2009-01-16 01:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 23:42 . 2009-03-18 17:54 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2009-01-18 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-21 00:19 . 2009-03-01 20:44 -------- d-----w- c:\documents and settings\Ben\Application Data\soundcrank
2009-08-20 05:27 . 2009-08-20 05:27 -------- d-----w- c:\program files\iLyrics
2009-08-20 04:36 . 2009-05-21 21:22 -------- d-----w- c:\documents and settings\Ben\Application Data\Skype
2009-08-20 04:36 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\Ben\Application Data\skypePM
2009-08-20 01:53 . 2009-01-18 15:25 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-20 01:53 . 2009-08-20 01:52 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-20 01:52 . 2009-01-18 15:24 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-19 19:31 . 2009-08-19 19:31 -------- d--h--r- c:\documents and settings\Ben\Application Data\SecuROM
2009-08-19 19:31 . 2009-08-19 19:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-18 12:41 . 2009-08-18 12:40 -------- d-----w- c:\program files\D-Tools
2009-08-18 04:54 . 2009-08-18 04:37 -------- d-----w- c:\documents and settings\Ben\Application Data\mIRC
2009-08-18 03:36 . 2009-01-16 03:07 -------- d-----w- c:\program files\Java
2009-08-18 02:37 . 2009-08-18 02:37 -------- d-----w- c:\program files\vSoft
2009-08-17 02:16 . 2009-08-07 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-17 02:16 . 2009-08-17 02:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-13 23:50 . 2009-04-07 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-12 23:04 . 2009-01-24 17:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-12 22:37 . 2009-08-12 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2009-08-12 22:29 . 2009-08-12 22:29 -------- d-----w- c:\program files\Shockwave.com
2009-08-12 14:16 . 2009-08-12 14:16 -------- d-----w- c:\documents and settings\Abi\Application Data\Atari
2009-08-12 03:17 . 2009-08-12 02:13 -------- d-----w- c:\program files\RealArcade
2009-08-12 02:16 . 2009-08-12 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\RealArcade
2009-08-12 02:15 . 2009-08-12 02:15 -------- d-----w- c:\program files\Zylom Games
2009-08-12 02:15 . 2009-08-12 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-08-07 19:47 . 2009-08-07 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-07 19:47 . 2009-08-07 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-06 03:47 . 2009-08-06 03:46 -------- d-----w- c:\program files\HyCam2
2009-08-06 01:07 . 2009-02-16 16:44 -------- d-----w- c:\program files\SwiftKit
2009-08-05 22:51 . 2009-02-16 16:28 34 ----a-w- c:\documents and settings\Ben\jagex_runescape_preferences.dat
2009-08-05 13:38 . 2009-02-01 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-05 13:38 . 2009-02-01 18:35 -------- d-----w- c:\program files\NOS
2009-08-04 18:19 . 2009-08-04 18:19 46180 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-04 18:18 . 2009-08-04 18:17 -------- d-----w- c:\program files\Safari
2009-07-27 20:41 . 2009-06-05 03:30 -------- d-----w- c:\program files\WindSolutions
2009-07-27 20:41 . 2009-06-05 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2009-07-27 04:01 . 2009-07-27 04:01 -------- d-----w- c:\program files\ipsXP
2009-07-26 23:39 . 2009-07-26 23:39 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA
2009-07-25 09:23 . 2009-01-16 13:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-15 09:48 . 2009-08-20 01:53 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-27 15:10 . 2009-06-27 15:10 0 ----a-w- c:\documents and settings\Ben\Application Data\itunesoption.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-01 2007832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

c:\documents and settings\Abi\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\Deanna\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-8-17 1447184]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\Laura\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-1-29 139776]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-01 12:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^ben^start menu^programs^startup^air mouse.lnk]
path=c:\documents and settings\Ben\Start Menu\Programs\Startup\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^ben^start menu^programs^startup^openoffice.org 3.0.lnk]
path=c:\documents and settings\Ben\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Dave\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Dave\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\list]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/15/2009 10:01 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/15/2009 10:01 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/15/2009 10:01 PM 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2/20/2009 8:57 PM 55152]
R2 simply accounting database connection manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [2/1/2009 3:47 PM 16680]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1/18/2009 11:25 AM 604488]
S1 e77b25f3;e77b25f3;c:\windows\system32\drivers\e77b25f3.sys [1/25/2009 5:19 PM 0]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/15/2009 10:01 PM 908056]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [4/7/2009 10:33 PM 1527900]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [1/31/2009 3:37 PM 28672]
S3 maestro;ESS Maestro Audio Driver (WDM);c:\windows\system32\drivers\maestro.sys [6/15/2009 6:56 PM 48768]
S3 ndfs;ndfs;\??\c:\program files\Netdrive\ndfs.sys --> c:\program files\Netdrive\ndfs.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-24 19:53]

2009-09-19 c:\windows\Tasks\SyncBackSE iTunes Library.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2009-06-29 15:35]

2009-09-19 c:\windows\Tasks\User_Feed_Synchronization-{FC260F21-52D8-4B8B-AFC4-C59D0DCF381F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=vYOeFOBKsYtUIi69AUOgTw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: {2DBF8B08-443D-49C2-8AF0-D5CEE3D212FE} - c:\documents and settings\Abi\Local Settings\Application Data\{2DBF8B08-443D-49C2-8AF0-D5CEE3D212FE}
FF - HiddenExtension: XUL Cache: {AD35E7C4-3327-4545-9D18-92A5826F0DE9} - c:\documents and settings\Dave\Local Settings\Application Data\{AD35E7C4-3327-4545-9D18-92A5826F0DE9}
FF - HiddenExtension: XUL Cache: {A5DFCA5A-FE10-419E-91A9-66930BB1B2BF} - c:\documents and settings\Deanna\Local Settings\Application Data\{A5DFCA5A-FE10-419E-91A9-66930BB1B2BF}
FF - HiddenExtension: XUL Cache: {280C7ED6-0B91-4DF2-8F59-C738198B01F2} - c:\documents and settings\Ben\Local Settings\Application Data\{280C7ED6-0B91-4DF2-8F59-C738198B01F2}
FF - HiddenExtension: XUL Cache: {0106F0F5-8B26-47AC-A366-B75EF6440A7C} - c:\documents and settings\Laura\Local Settings\Application Data\{0106F0F5-8B26-47AC-A366-B75EF6440A7C}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-Ywowohayerida - c:\windows\upuhapaximi.dll
AddRemove-FoxyTunesForFirefox - e:\portable apps\PortableApps\FirefoxPortable\App\firefox\firefox.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 17:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3480)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\searchindexer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-19 17:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-19 21:57

Pre-Run: 15,802,028,032 bytes free
Post-Run: 15,655,624,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

339 --- E O F --- 2009-02-10 23:35

Shaba
2009-09-20, 11:59
Yes, that was an error from my side.

Infection borks permissions for exe files; we will need to fix them later.

Please now rerun win32kdiag.exe and post back a fresh log.

neonfire999
2009-09-20, 18:14
Yes, that was an error from my side.

Infection borks permissions for exe files; we will need to fix them later.

Please now rerun win32kdiag.exe and post back a fresh log.

It's ok. Here is the log from win32kdiag.exe:

Running from: C:\Documents and Settings\Ben\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Ben\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

[1] 2008-04-14 08:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()

[1] 2008-04-14 08:00:00 744448 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation)





Finished!

Shaba
2009-09-20, 20:08
Please copy C:\WINDOWS\system32\dllcache\helpsvc.exe to C:\WINDOWS\pchealth\helpctr\binaries, answer yes if it asks to overwrite.

Rerun win32kdiag.exe and post back a fresh log, please.
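
The copy step above relies on the Win32kDiag log posted just before it: the blocked file and the dllcache copy are listed with the same timestamp and size, and only the dllcache copy shows a vendor string. As an added example (not part of the original posts, and not Win32kDiag's or ComboFix's own code), this Python script parses log lines in the format quoted in the thread and pairs each "Cannot access" file with a same-size copy that has readable vendor information. Reading an empty `()` as version information that could not be read is an assumption made here.

```python
import ntpath  # Windows path semantics, usable on any OS
import re

# Constructed sample: the Win32kDiag lines quoted in the thread above.
SAMPLE_LOG = r"""
Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

[1] 2008-04-14 08:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()

[1] 2008-04-14 08:00:00 744448 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation)

Finished!
"""

BLOCKED = re.compile(r"^Cannot access:\s*(.+?)\s*$")
# "[n] date time size path (vendor)"; the path is matched greedily so that
# parentheses inside a path do not get mistaken for the vendor field.
ENTRY = re.compile(
    r"^\[(\d+)\]\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(.+)\s\(([^()]*)\)\s*$"
)


def parse_log(text):
    """Return (blocked_paths, file_entries) found in a Win32kDiag-style log."""
    blocked, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = BLOCKED.match(line)
        if m:
            blocked.append(m.group(1))
            continue
        m = ENTRY.match(line)
        if m:
            entries.append({
                "stamp": m.group(2),
                "size": int(m.group(3)),
                "path": m.group(4),
                "vendor": m.group(5).strip(),
            })
    return blocked, entries


def replacement_plan(text):
    """Map each blocked file to a candidate clean copy, or None if none fits.

    A candidate must have the same file name and the same size as the blocked
    file's own listing, and a non-empty vendor field (assumption: an empty
    vendor means the version resource could not be read). Copies under
    \\dllcache\\ are preferred, as in the thread.
    """
    blocked, entries = parse_log(text)
    plan = {}
    for target in blocked:
        key = ntpath.normcase(target)
        own = next((e for e in entries if ntpath.normcase(e["path"]) == key), None)
        if own is None:
            plan[target] = None  # nothing to compare sizes against
            continue
        name = ntpath.basename(key)
        candidates = [
            e for e in entries
            if ntpath.normcase(e["path"]) != key
            and ntpath.basename(ntpath.normcase(e["path"])) == name
            and e["vendor"]
            and e["size"] == own["size"]
        ]
        # False sorts before True, so dllcache copies come first.
        candidates.sort(key=lambda e: "\\dllcache\\" not in ntpath.normcase(e["path"]))
        if candidates:
            best = candidates[0]
            plan[target] = {
                "source": best["path"],
                "same_timestamp": best["stamp"] == own["stamp"],
            }
        else:
            plan[target] = None
    return plan


if __name__ == "__main__":
    for dest, src in replacement_plan(SAMPLE_LOG).items():
        if src is None:
            print(f"{dest}: no matching copy listed, needs manual review")
        else:
            print(f"{src['source']} -> {dest} (same timestamp: {src['same_timestamp']})")
```

A `None` result means the log lists no same-size copy with vendor information, so the file should come from known-good installation media rather than from another path on the same machine.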

neonfire999
2009-09-20, 21:20
Please copy C:\WINDOWS\system32\dllcache\helpsvc.exe to C:\WINDOWS\pchealth\helpctr\binaries, answer yes if it asks to overwrite.

Rerun win32kdiag.exe and post back a fresh log, please.

When I try to copy the file there, it says "Cannot copy helpsvc: Access is denied".

Shaba
2009-09-20, 21:47
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


FCopy::
C:\WINDOWS\system32\dllcache\helpsvc.exe | C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

neonfire999
2009-09-21, 03:43
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


FCopy::
C:\WINDOWS\system32\dllcache\helpsvc.exe | C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Here is the log:

ComboFix 09-09-18.02 - Ben 09/20/2009 18:04.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.494 [GMT -4:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ben\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\helpsvc.exe --> c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.

2009-09-20 14:21 . 2009-09-20 14:21 -------- d-----w- c:\windows\LastGood
2009-09-20 04:44 . 2009-03-11 02:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-09-20 04:44 . 2009-09-20 14:23 -------- d-----w- c:\windows\system32\KB905474
2009-09-20 04:32 . 2009-09-20 04:32 -------- d-----w- c:\windows\ie8updates
2009-09-19 22:00 . 2009-09-19 22:00 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Apple_Inc
2009-09-19 20:45 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-19 20:45 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-19 20:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-18 02:12 . 2009-09-19 17:38 -------- d-----w- c:\documents and settings\Laura\Application Data\LimeWire
2009-09-18 02:12 . 2009-09-18 03:04 -------- d-----w- c:\documents and settings\Laura\.limewire
2009-09-14 01:03 . 2009-09-14 01:03 -------- d-----w- C:\iTunes Media
2009-09-12 18:59 . 2009-09-12 18:59 -------- d-----w- c:\program files\WinDirStat
2009-09-12 00:59 . 2009-09-12 00:59 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-12 00:56 . 2009-09-12 00:56 -------- d-----w- c:\program files\iPod
2009-09-12 00:55 . 2009-09-12 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 21:22 . 2009-09-11 21:22 -------- d-----w- c:\program files\Trend Micro
2009-09-11 21:16 . 2009-09-11 21:16 -------- d-----w- c:\program files\ERUNT
2009-09-01 22:51 . 2009-09-01 22:51 -------- d-----w- c:\program files\Sims2Programs.com
2009-09-01 21:59 . 2009-09-12 13:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-01 04:11 . 2009-09-01 04:11 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-01 04:02 . 2009-09-01 03:57 151552 ----a-w- c:\windows\system32\nvRegDev.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 21:58 . 2009-01-19 20:17 -------- d-----w- c:\documents and settings\Ben\Application Data\uTorrent
2009-09-20 15:55 . 2009-08-06 01:18 -------- d-----w- c:\documents and settings\Ben\Application Data\vlc
2009-09-20 14:13 . 2009-01-27 22:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-20 04:36 . 2009-01-27 22:38 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-20 03:43 . 2009-02-01 17:19 -------- d-----w- c:\documents and settings\Dave\Application Data\Apple Computer
2009-09-20 03:40 . 2009-02-01 20:16 73352 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 23:55 . 2009-01-26 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-19 20:39 . 2009-01-18 00:29 73352 ----a-w- c:\documents and settings\Ben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 19:43 . 2009-06-15 14:21 -------- d-----w- c:\program files\Microsoft Games
2009-09-18 20:31 . 2009-03-06 19:37 -------- d-----w- c:\documents and settings\Dave\Application Data\vlc
2009-09-18 02:46 . 2009-01-31 16:18 -------- d-----w- c:\documents and settings\Laura\Application Data\Apple Computer
2009-09-17 02:16 . 2009-05-27 19:14 256 ----a-w- c:\windows\system32\pool.bin
2009-09-16 22:11 . 2009-08-17 03:09 -------- d-----w- c:\program files\EA GAMES
2009-09-16 02:06 . 2009-01-19 21:43 -------- d-----w- c:\documents and settings\Abi\Application Data\LimeWire
2009-09-16 02:05 . 2009-02-07 16:48 -------- d-----w- c:\documents and settings\Abi\Application Data\vlc
2009-09-15 23:52 . 2009-01-21 22:08 -------- d-----w- c:\documents and settings\Abi\Application Data\Apple Computer
2009-09-14 19:49 . 2009-02-01 19:45 -------- d-----w- c:\program files\Simply Accounting Pro 2009
2009-09-12 03:31 . 2009-01-25 00:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-12 01:42 . 2009-01-18 00:44 -------- d-----w- c:\documents and settings\Ben\Application Data\Apple Computer
2009-09-12 00:57 . 2009-01-18 00:43 -------- d-----w- c:\program files\iTunes
2009-09-12 00:56 . 2009-01-18 00:42 -------- d-----w- c:\program files\Common Files\Apple
2009-09-12 00:51 . 2009-01-18 00:43 -------- d-----w- c:\program files\QuickTime
2009-09-11 21:23 . 2009-03-01 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-09 22:31 . 2009-01-24 17:09 -------- d-----w- c:\program files\Google
2009-09-08 23:13 . 2009-01-25 01:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-01 12:29 . 2009-01-16 02:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-01 12:29 . 2009-01-16 02:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-01 12:29 . 2009-01-16 02:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-01 04:10 . 2009-01-16 01:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 23:42 . 2009-03-18 17:54 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2009-01-18 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-21 00:19 . 2009-03-01 20:44 -------- d-----w- c:\documents and settings\Ben\Application Data\soundcrank
2009-08-20 05:27 . 2009-08-20 05:27 -------- d-----w- c:\program files\iLyrics
2009-08-20 04:36 . 2009-05-21 21:22 -------- d-----w- c:\documents and settings\Ben\Application Data\Skype
2009-08-20 04:36 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\Ben\Application Data\skypePM
2009-08-20 01:53 . 2009-01-18 15:25 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-20 01:53 . 2009-08-20 01:52 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-20 01:52 . 2009-01-18 15:24 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-19 19:31 . 2009-08-19 19:31 -------- d--h--r- c:\documents and settings\Ben\Application Data\SecuROM
2009-08-19 19:31 . 2009-08-19 19:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-18 12:41 . 2009-08-18 12:40 -------- d-----w- c:\program files\D-Tools
2009-08-18 04:54 . 2009-08-18 04:37 -------- d-----w- c:\documents and settings\Ben\Application Data\mIRC
2009-08-18 03:36 . 2009-01-16 03:07 -------- d-----w- c:\program files\Java
2009-08-18 02:37 . 2009-08-18 02:37 -------- d-----w- c:\program files\vSoft
2009-08-17 02:16 . 2009-08-07 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-17 02:16 . 2009-08-17 02:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-13 23:50 . 2009-04-07 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-12 23:04 . 2009-01-24 17:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-12 22:37 . 2009-08-12 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2009-08-12 22:29 . 2009-08-12 22:29 -------- d-----w- c:\program files\Shockwave.com
2009-08-12 14:16 . 2009-08-12 14:16 -------- d-----w- c:\documents and settings\Abi\Application Data\Atari
2009-08-12 03:17 . 2009-08-12 02:13 -------- d-----w- c:\program files\RealArcade
2009-08-12 02:16 . 2009-08-12 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\RealArcade
2009-08-12 02:15 . 2009-08-12 02:15 -------- d-----w- c:\program files\Zylom Games
2009-08-12 02:15 . 2009-08-12 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-08-07 19:47 . 2009-08-07 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-07 19:47 . 2009-08-07 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-06 03:47 . 2009-08-06 03:46 -------- d-----w- c:\program files\HyCam2
2009-08-06 01:07 . 2009-02-16 16:44 -------- d-----w- c:\program files\SwiftKit
2009-08-05 22:51 . 2009-02-16 16:28 34 ----a-w- c:\documents and settings\Ben\jagex_runescape_preferences.dat
2009-08-05 13:38 . 2009-02-01 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-05 13:38 . 2009-02-01 18:35 -------- d-----w- c:\program files\NOS
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 18:19 . 2009-08-04 18:19 46180 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-04 18:18 . 2009-08-04 18:17 -------- d-----w- c:\program files\Safari
2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-27 20:41 . 2009-06-05 03:30 -------- d-----w- c:\program files\WindSolutions
2009-07-27 20:41 . 2009-06-05 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2009-07-27 04:01 . 2009-07-27 04:01 -------- d-----w- c:\program files\ipsXP
2009-07-26 23:39 . 2009-07-26 23:39 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA
2009-07-25 09:23 . 2009-01-16 13:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 09:48 . 2009-08-20 01:53 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-14 03:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 15:10 . 2009-06-27 15:10 0 ----a-w- c:\documents and settings\Ben\Application Data\itunesoption.bin
.

((((((((((((((((((((((((((((( SnapShot@2009-09-19_21.45.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2008-04-14 12:00 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2008-04-14 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2009-01-16 02:22 . 2009-05-12 19:12 26144 c:\windows\system32\spupdsvc.exe
- 2009-01-16 02:22 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
- 2009-01-27 22:37 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2009-01-27 22:37 . 2009-05-12 19:12 16928 c:\windows\system32\spmsg.dll
+ 2008-04-14 12:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2008-04-14 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2008-04-14 12:00 . 2009-09-20 14:20 78462 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2009-03-08 17:50 78462 c:\windows\system32\perfc009.dat
+ 2009-01-15 22:38 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 91648 c:\windows\system32\mtxoci.dll
+ 2008-04-14 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 66560 c:\windows\system32\mtxclu.dll
- 2007-08-13 23:54 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2008-04-14 12:00 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2008-04-14 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2008-04-14 12:00 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2008-04-14 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2009-01-15 22:38 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-04-14 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-01-16 02:40 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-01-16 02:40 . 2009-03-08 08:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-04-14 12:00 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2008-04-14 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-04-14 12:00 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-04-14 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 84992 c:\windows\system32\avifil32.dll
+ 2009-09-20 04:35 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-09-20 04:35 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-09-20 04:35 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 132096 c:\windows\system32\wkssvc.dll
+ 2008-04-14 12:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
+ 2008-04-14 12:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 354304 c:\windows\system32\winhttp.dll
+ 2008-09-06 04:29 . 2009-03-11 02:18 934792 c:\windows\system32\WgaTray.exe
+ 2009-01-15 22:38 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-01-15 22:38 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-01-15 22:38 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2008-04-14 12:00 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2008-04-14 12:00 . 2008-12-05 06:54 144896 c:\windows\system32\schannel.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2008-04-14 12:00 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2008-04-14 12:00 . 2009-09-20 14:20 462500 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2009-03-08 17:50 462500 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 284160 c:\windows\system32\pdh.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
+ 2008-05-27 03:18 . 2009-05-25 04:24 350208 c:\windows\system32\mssph.dll
- 2008-05-27 03:18 . 2008-05-27 03:18 350208 c:\windows\system32\mssph.dll
- 2007-08-13 23:54 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 956928 c:\windows\system32\msdtctm.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
+ 2008-04-14 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2008-04-14 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 989696 c:\windows\system32\kernel32.dll
+ 2008-04-14 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
- 2008-04-14 12:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
- 2008-04-14 12:00 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
- 2009-01-15 17:20 . 2009-09-19 20:35 244720 c:\windows\system32\FNTCACHE.DAT
+ 2009-01-15 17:20 . 2009-09-20 14:13 244720 c:\windows\system32\FNTCACHE.DAT
+ 2009-01-15 22:38 . 2008-04-21 12:08 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2008-04-14 12:00 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-01-15 22:38 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-01-15 22:38 . 2009-02-09 12:10 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2008-04-14 12:00 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2008-04-14 12:00 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2008-09-06 04:29 . 2009-03-11 02:18 934792 c:\windows\system32\dllcache\WgaTray.exe
+ 2008-09-06 04:30 . 2009-03-11 02:18 239496 c:\windows\system32\dllcache\wgaLogon.dll
- 2009-01-15 22:40 . 2008-04-14 12:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-01-15 22:40 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
+ 2008-04-14 12:00 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-04-14 12:00 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\services.exe
+ 2008-04-14 12:00 . 2008-12-05 06:54 144896 c:\windows\system32\dllcache\schannel.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2008-04-14 12:00 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 284160 c:\windows\system32\dllcache\pdh.dll
+ 2008-04-14 12:00 . 2009-03-06 14:22 284160 c:\windows\system32\dllcache\pdh.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2008-04-14 12:00 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-01-16 02:40 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-01-16 02:40 . 2009-03-08 08:32 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-04-14 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2008-04-14 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2008-04-14 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 12:00 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 12:00 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-01-15 22:38 . 2009-02-09 12:10 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 617472 c:\windows\system32\dllcache\advapi32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 617472 c:\windows\system32\dllcache\advapi32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 617472 c:\windows\system32\advapi32.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
+ 2009-09-20 04:44 . 2009-09-20 04:44 177664 c:\windows\Installer\1132a93.msi
+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\1132a7e.msp
+ 2009-09-20 04:33 . 2009-09-20 04:33 195584 c:\windows\Installer\1132a6d.msi
+ 2009-09-20 04:32 . 2009-09-20 04:32 248832 c:\windows\Installer\1132a67.msi
+ 2009-09-20 04:35 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-09-20 04:35 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-09-20 04:35 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-09-20 04:35 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-09-20 04:35 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-09-20 04:35 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-09-20 04:35 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-09-20 04:35 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-09-20 04:35 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-09-20 04:32 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-20 04:32 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-20 04:32 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
- 2008-04-14 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2008-04-14 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
+ 2008-04-14 12:00 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
+ 2008-04-14 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 8461312 c:\windows\system32\shell32.dll
+ 2008-04-14 12:00 . 2009-06-03 19:09 1291264 c:\windows\system32\quartz.dll
+ 2008-04-14 12:00 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
- 2008-04-14 12:00 . 2008-08-14 10:09 2145280 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 00:01 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
- 2008-04-14 00:01 . 2008-08-14 09:33 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2009-01-15 22:38 . 2009-06-10 13:19 2066432 c:\windows\system32\mstscax.dll
+ 2008-04-14 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
- 2008-04-14 12:00 . 2009-03-08 08:41 5937152 c:\windows\system32\mshtml.dll
+ 2008-03-20 23:06 . 2009-03-11 02:18 1482112 c:\windows\system32\LegitCheckControl.dll
+ 2007-08-13 23:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
- 2008-04-14 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 12:00 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 8461312 c:\windows\system32\dllcache\shell32.dll
+ 2008-04-14 12:00 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-16 02:32 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-01-16 02:32 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-01-16 02:32 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-01-16 02:32 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-01-16 02:32 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-01-16 02:32 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-01-16 02:32 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-06-10 13:19 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-01-15 22:40 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-04-14 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
- 2008-04-14 12:00 . 2009-03-08 08:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 02:40 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-09-20 04:35 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-09-20 04:35 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-09-20 04:35 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-01-16 02:32 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-16 02:32 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-01-16 02:32 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-01-16 02:32 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-01-16 02:32 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-01-16 02:32 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-01-16 02:32 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-04-14 12:00 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2009-01-16 02:37 . 2009-08-28 18:38 24689600 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2009-07-19 22:48 11067392 c:\windows\system32\ieframe.dll
+ 2008-04-14 12:00 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-01-16 02:40 . 2009-07-19 22:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-09-20 04:33 . 2009-09-20 04:33 15709696 c:\windows\Installer\1132a74.msp
+ 2009-09-20 04:35 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-01 2007832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

c:\documents and settings\Abi\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\Deanna\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-8-17 1447184]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\Laura\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-1-29 139776]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-01 12:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^ben^start menu^programs^startup^air mouse.lnk]
path=c:\documents and settings\Ben\Start Menu\Programs\Startup\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^ben^start menu^programs^startup^openoffice.org 3.0.lnk]
path=c:\documents and settings\Ben\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Dave\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Dave\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\list]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/15/2009 10:01 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/15/2009 10:01 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/15/2009 10:01 PM 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2/20/2009 8:57 PM 55152]
R2 simply accounting database connection manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [2/1/2009 3:47 PM 16680]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1/18/2009 11:25 AM 604488]
S1 e77b25f3;e77b25f3;c:\windows\system32\drivers\e77b25f3.sys [1/25/2009 5:19 PM 0]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/15/2009 10:01 PM 908056]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [1/15/2009 10:22 PM 26144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [4/7/2009 10:33 PM 1527900]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [1/31/2009 3:37 PM 28672]
S3 maestro;ESS Maestro Audio Driver (WDM);c:\windows\system32\drivers\maestro.sys [6/15/2009 6:56 PM 48768]
S3 ndfs;ndfs;\??\c:\program files\Netdrive\ndfs.sys --> c:\program files\Netdrive\ndfs.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-24 19:53]

2009-09-20 c:\windows\Tasks\SyncBackSE iTunes Library.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2009-06-29 15:35]

2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{FC260F21-52D8-4B8B-AFC4-C59D0DCF381F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=vYOeFOBKsYtUIi69AUOgTw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: {2DBF8B08-443D-49C2-8AF0-D5CEE3D212FE} - c:\documents and settings\Abi\Local Settings\Application Data\{2DBF8B08-443D-49C2-8AF0-D5CEE3D212FE}
FF - HiddenExtension: XUL Cache: {AD35E7C4-3327-4545-9D18-92A5826F0DE9} - c:\documents and settings\Dave\Local Settings\Application Data\{AD35E7C4-3327-4545-9D18-92A5826F0DE9}
FF - HiddenExtension: XUL Cache: {A5DFCA5A-FE10-419E-91A9-66930BB1B2BF} - c:\documents and settings\Deanna\Local Settings\Application Data\{A5DFCA5A-FE10-419E-91A9-66930BB1B2BF}
FF - HiddenExtension: XUL Cache: {280C7ED6-0B91-4DF2-8F59-C738198B01F2} - c:\documents and settings\Ben\Local Settings\Application Data\{280C7ED6-0B91-4DF2-8F59-C738198B01F2}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XUL Cache: {0106F0F5-8B26-47AC-A366-B75EF6440A7C} - c:\documents and settings\Laura\Local Settings\Application Data\{0106F0F5-8B26-47AC-A366-B75EF6440A7C}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 18:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-20 18:26
ComboFix-quarantined-files.txt 2009-09-20 22:25
ComboFix2.txt 2009-09-19 21:58

Pre-Run: 14,143,320,064 bytes free
Post-Run: 14,112,395,264 bytes free

517 --- E O F --- 2009-09-20 04:45

Shaba
2009-09-21, 07:13
That looks better :)

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

neonfire999
2009-09-22, 00:22
I tried to open HijackThis and am getting the same message I always get, "Windows cannot access the specified device, path, or file."

Shaba
2009-09-22, 12:42
Then please rerun Win32kDiag and post back a fresh log.

neonfire999
2009-09-22, 23:49
Here is the log:

Running from: C:\Documents and Settings\Ben\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Ben\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

Shaba
2009-09-23, 07:20
OK, so that is then a permission issue.

Download this and save it to the HijackThis installation directory:

http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe

Drag & drop HijackThis.exe into it and let me know if HijackThis works now.
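The comparison behind this step is that the first Win32kDiag log listed mount points under C:\WINDOWS while the rerun lists none. As an added example (not part of the original posts and not code from Win32kDiag), the Python sketch below parses two such logs and reports which mount points cleared; the function names are hypothetical and the sample text is an excerpt assembled from the logs in this thread.

```python
import re

# Line formats as they appear in the Win32kDiag logs posted in this thread.
MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")

# Constructed excerpt: two entries copied from the first log in the thread.
FIRST_LOG = r"""WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB958215\KB958215
Mount point destination : \Device\__max++>\^
"""

# The rerun log from 2009-09-22, blank lines removed.
RERUN_LOG = r"""WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Finished!
"""

def parse_win32kdiag(text):
    """Return mount points, warnings and completion state for one log."""
    log = {"mounts": {}, "warnings": [], "finished": False}
    pending = None  # mount point still waiting for its destination line
    for line in (raw.strip() for raw in text.splitlines()):
        found, dest = MOUNT_RE.match(line), DEST_RE.match(line)
        if found:
            pending = found.group(1).strip()
            log["mounts"][pending] = None  # stays None if the log is cut off
        elif dest and pending is not None:
            log["mounts"][pending] = dest.group(1).strip()
            pending = None
        elif line.startswith("WARNING:"):
            log["warnings"].append(line)
        elif line == "Finished!":
            log["finished"] = True
    return log

def compare_runs(before, after):
    """Summarise what changed between an earlier and a later scan."""
    b, a = parse_win32kdiag(before), parse_win32kdiag(after)
    return {
        "cleared": sorted(set(b["mounts"]) - set(a["mounts"])),
        "remaining": sorted(a["mounts"]),
        "rerun_complete": a["finished"],
        "rerun_warnings": a["warnings"],
    }
```

A rerun with an empty `remaining` list and `rerun_complete` set matches the log posted above; any `rerun_warnings` are passed through verbatim so the reader can see them next to the result.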

neonfire999
2009-09-24, 04:21
It still says that Windows does not have permission to access the file.

Shaba
2009-09-24, 08:24
Please then try to reinstall HijackThis and let me know if it works now :)

neonfire999
2009-09-25, 00:00
OK, it wasn't in the Control Panel, so I just deleted everything on my computer that had to do with HijackThis and then re-installed it and got the exe, so now it works, and here is the uninstall manager list.

7-Zip 4.65
Acrobat.com
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Age of Mythology
Age of Mythology - The Titans Expansion
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft PhotoStudio 5.5
ArcSoft VideoImpression 2
ATI - Software Uninstall Utility
ATI Display Driver
Audacity 1.2.6
AvantGo Client
AVG 8.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BlackBerry Desktop Software 4.3
Bonjour
Burger Shop 2™
CCScore
Choice Guard
ConvertHelper 2.2
DAEMON Tools
DivX
ERUNT 1.1j
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
Firebird SQL Server - MAGIX Edition
FoxyTunes for Firefox
Free Studio version 4.1
Free YouTube to iPod Converter version 3.2
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Guitar Pro 5.2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HyperCam 2
Insaniquarium Deluxe
iPhone Configuration Utility
iPhone Tunnel Suite 2.7 BETA
ips XP 1.11.2600
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Labtec WebCam
Labtec® Camera Driver
LAME v3.98.2 for Audacity
Last.fm 1.5.4.24567
LimeWire PRO 5.0.11
Logitech Audio Echo Cancellation Component
Logitech Gaming Software
Logitech Video Enumerator
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.7.106
MAGIX Music Maker 14 Producer Edition Download version 13.0.2.1 (US)
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Windows Journal Viewer
MobileMe Control Panel
Mozilla Firefox (3.0.14)
MSN
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
MVision
MySQL Connector/ODBC 3.51
Nero 8 Lite 8.1.1.0
netbrdg
Notifier
NVIDIA DDS Utilities
OfotoXMI
OpenOffice.org 3.0
Palm Desktop by ACCESS
PCDADDIN
PCDHELP
Picasa 3
QuickTime
RCT3 Soaked
RealArcade
Richard Burns Rally
Roll
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister
RollerCoaster Tycoon 2: Wacky Worlds
RollerCoaster Tycoon® 3
Roxio Media Manager
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SFR
SHASTA
Simply Accounting by Sage 2009
SKIN0001
SKINXSDK
Skype™ 4.0
Soundcrank
SoundMAX
Spybot - Search & Destroy
staticcr
SwiftKit
SyncBackSE
Text-To-Speech-Runtime
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims 2 University - Crack
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
tooltips
TS2 Enhancer v.2.0
TuneUp Utilities 2009
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VLC media player 1.0.1
VPRINTOL
Web Games Player Plugin
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinSCP 4.1.8
WIRELESS

Shaba
2009-09-25, 07:12
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent
LimeWire PRO 5.0.11


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.

neonfire999
2009-09-26, 00:04
OK, I uninstalled those 2 programs and here is the list again.

7-Zip 4.65
Acrobat.com
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Age of Mythology
Age of Mythology - The Titans Expansion
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft PhotoStudio 5.5
ArcSoft VideoImpression 2
ATI - Software Uninstall Utility
ATI Display Driver
Audacity 1.2.6
AvantGo Client
AVG 8.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BlackBerry Desktop Software 4.3
Bonjour
CCScore
Choice Guard
ConvertHelper 2.2
DAEMON Tools
DivX
ERUNT 1.1j
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
Firebird SQL Server - MAGIX Edition
FoxyTunes for Firefox
Free Studio version 4.1
Free YouTube to iPod Converter version 3.2
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Guitar Pro 5.2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HyperCam 2
iPhone Configuration Utility
iPhone Tunnel Suite 2.7 BETA
ips XP 1.11.2600
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Labtec WebCam
Labtec® Camera Driver
LAME v3.98.2 for Audacity
Last.fm 1.5.4.24567
Logitech Audio Echo Cancellation Component
Logitech Gaming Software
Logitech Video Enumerator
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.7.106
MAGIX Music Maker 14 Producer Edition Download version 13.0.2.1 (US)
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Windows Journal Viewer
MobileMe Control Panel
Mozilla Firefox (3.0.14)
MSN
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
MVision
MySQL Connector/ODBC 3.51
Nero 8 Lite 8.1.1.0
netbrdg
Notifier
NVIDIA DDS Utilities
OfotoXMI
OpenOffice.org 3.0
Palm Desktop by ACCESS
PCDADDIN
PCDHELP
Picasa 3
QuickTime
RCT3 Soaked
RealArcade
Richard Burns Rally
Roll
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister
RollerCoaster Tycoon 2: Wacky Worlds
RollerCoaster Tycoon® 3
Roxio Media Manager
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SFR
SHASTA
Simply Accounting by Sage 2009
SKIN0001
SKINXSDK
Skype™ 4.0
Soundcrank
SoundMAX
Spybot - Search & Destroy
staticcr
SwiftKit
SyncBackSE
Text-To-Speech-Runtime
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims 2 University - Crack
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
tooltips
TS2 Enhancer v.2.0
TuneUp Utilities 2009
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VLC media player 1.0.1
VPRINTOL
Web Games Player Plugin
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinSCP 4.1.8
WIRELESS

Shaba
2009-09-26, 10:15
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


Folder::
c:\documents and settings\Laura\Application Data\LimeWire
c:\documents and settings\Laura\.limewire
c:\documents and settings\Ben\Application Data\uTorrent
c:\Program Files\LimeWire
c:\Program Files\uTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\list]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

neonfire999
2009-10-02, 14:00
The log is too long. What do I do to post it?

Shaba
2009-10-02, 20:18
Then you can split it into multiple replies, please :)

Shaba
2009-10-11, 16:07
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.

tashi
2009-10-16, 22:08
Thank you Shaba. :)