
Thread: Unable to run Hijack This

  1. #1
    Junior Member
    Join Date
    Oct 2009
    Location
    Orlando, FL
    Posts
    10

    Unable to run Hijack This

    Ok, as stated in the title, I am unable to run HijackThis on my computer. I'm currently using Windows XP Service Pack 3.

    The issues I'm getting are adware popups all the time, and I am unable to run any installed anti-virus or anti-spyware programs. Various portable apps work, but are unable to actually do anything as they get denied access. I get a message indicating that I do not have sufficient privileges. When I tried to run HijackThis, it opened, but when I tried to get the log it just quit.

    Thanks in advance for the help.

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi DictatorZero

    Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Oct 2009
    Location
    Orlando, FL
    Posts
    10

    here is the Win32diag log

    Running from: C:\Documents and Settings\Eric\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Eric\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE90.tmp\ZAPE90.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF6A.tmp\ZAPF6A.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF98.tmp\ZAPF98.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\MSSecurityNi\logs\logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\MSSecurityNS\logs\logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

    [1] 2008-04-14 07:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()

  4. #4
    Junior Member
    Join Date
    Oct 2009
    Location
    Orlando, FL
    Posts
    10

    disabled my anti-virus program for this one

    Running from: C:\Documents and Settings\Eric\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Eric\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE90.tmp\ZAPE90.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF6A.tmp\ZAPF6A.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF98.tmp\ZAPF98.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\temp\temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\MSSecurityNi\logs\logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\MSSecurityNS\logs\logs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

    [1] 2008-04-14 07:00:00 744448 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()



    Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\PIF\PIF

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\95b0eb6de61f9c4758f6dd82521ed694\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Mount point destination : \Device\__max++>\^

    Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Cannot access: C:\WINDOWS\system32\eventlog.dll

    [1] 2008-04-14 07:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

    [2] 2008-04-14 07:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^



    Finished!

  5. #5
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
    "%userprofile%\desktop\win32kdiag.exe" -f -r

  6. #6
    Junior Member
    Join Date
    Oct 2009
    Location
    Orlando, FL
    Posts
    10

    win32kdiag new log

    Running from: C:\Documents and Settings\Eric\desktop\win32kdiag.exe

    Log file at : C:\Documents and Settings\Eric\Desktop\Win32kDiag.txt

    Removing all found mount points.

    Attempting to reset file permissions.

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Cannot access: C:\WINDOWS\system32\eventlog.dll

    Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

    [1] 2008-04-14 07:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

    [2] 2008-04-14 07:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



    Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

    Mount point destination : \Device\__max++>\^

    Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



    Finished!
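
Added example (not part of the original thread and not Win32kDiag's own code): a Python triage script for Win32kDiag.txt logs of the shape posted above. It counts mount-point destinations, lists mount points that no `Removing mount point` line covers, flags `Cannot access` files whose trailing parentheses are empty, and marks a log without the closing `Finished!` line as incomplete. Assumptions: the parenthesised field is the file's vendor string, and both samples are excerpts assembled from the logs in posts #4 and #6.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Line shapes as they appear in the Win32kDiag.txt logs posted in this thread.
MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(?P<path>.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(?P<dest>.+)$")
REMOVED_RE = re.compile(r"^Removing mount point\s*:\s*(?P<path>.+)$")
DENIED_RE = re.compile(r"^Cannot access:\s*(?P<path>.+)$")
# File detail line: "[n] <date> <time> <size> <path> (<vendor>)".
# Assumption: the trailing parentheses hold the file's vendor string.
FILE_RE = re.compile(
    r"^\[\d+\]\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+(?P<size>\d+)\s+"
    r"(?P<path>.+?)\s+\((?P<vendor>[^()]*)\)$"
)


@dataclass
class Report:
    mount_points: dict = field(default_factory=dict)  # path -> destination
    removed: list = field(default_factory=list)
    denied: list = field(default_factory=list)
    files: list = field(default_factory=list)  # (path, size, vendor)
    finished: bool = False


def parse_log(text):
    """Parse Win32kDiag.txt text into a Report; unknown lines are ignored."""
    report, pending = Report(), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := MOUNT_RE.match(line):
            pending = m["path"].strip()
            report.mount_points[pending] = None  # destination may be cut off
        elif (m := DEST_RE.match(line)) and pending is not None:
            report.mount_points[pending] = m["dest"].strip()
            pending = None
        elif m := REMOVED_RE.match(line):
            report.removed.append(m["path"].strip())
        elif m := DENIED_RE.match(line):
            report.denied.append(m["path"].strip())
        elif m := FILE_RE.match(line):
            report.files.append((m["path"], int(m["size"]), m["vendor"].strip()))
        elif line == "Finished!":
            report.finished = True
    return report


def is_self_nested(path):
    """True when the last two path components match, as in ...\\Config\\Config."""
    parts = [p for p in path.split("\\") if p]
    return len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()


def triage(report):
    """Summarise what a reviewer checks first in a parsed log."""
    removed = {p.lower() for p in report.removed}
    denied = {p.lower() for p in report.denied}
    return {
        "complete": report.finished,  # False for a log pasted without its end
        "destinations": dict(Counter(report.mount_points.values())),
        "self_nested": sum(is_self_nested(p) for p in report.mount_points),
        "not_removed": [p for p in report.mount_points if p.lower() not in removed],
        "denied_no_vendor": [
            path for path, _size, vendor in report.files
            if path.lower() in denied and not vendor
        ],
    }


# Constructed sample: excerpt of the scan-only log in post #4.
SAMPLE_SCAN = r"""
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-14 07:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 07:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Finished!
"""

# Constructed sample: excerpt of the "-f -r" log in post #6.
SAMPLE_FIX = r"""
Removing all found mount points.
Attempting to reset file permissions.
Cannot access: C:\WINDOWS\system32\eventlog.dll
Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-14 07:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 07:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Finished!
"""

if __name__ == "__main__":
    for name, sample in (("scan", SAMPLE_SCAN), ("fix", SAMPLE_FIX)):
        print(name, triage(parse_log(sample)))
```
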

  7. #7
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

  8. #8
    Junior Member
    Join Date
    Oct 2009
    Location
    Orlando, FL
    Posts
    10

    first the log for ComboFix followed by the log for HijackThis

    ComboFix 09-11-01.04 - Eric 11/02/2009 23:04.1.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2732 [GMT -5:00]
    Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
    Restored copy from - c:\windows\system32\logevent.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


    ((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
    .


    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-21 06:21 . 2009-10-21 06:21 -------- d-----w- c:\program files\MSXML 4.0
    2009-09-27 22:20 . 2009-09-27 22:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
    2009-09-27 22:20 . 2009-09-27 22:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2009-09-27 22:19 . 2009-09-27 22:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
    2009-09-27 22:19 . 2009-09-27 22:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
    2009-09-27 22:19 . 2009-09-27 22:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
    2009-09-27 22:19 . 2009-09-27 22:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
    2009-09-27 22:19 . 2009-09-27 22:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
    2009-09-27 22:19 . 2009-09-27 22:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2009-09-27 22:19 . 2009-09-27 22:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
    2009-09-27 22:19 . 2009-09-27 22:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
    2009-09-27 22:19 . 2009-09-27 22:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-09-27 22:19 . 2009-09-27 22:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
    2009-09-27 22:19 . 2009-09-27 22:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2009-09-27 20:12 . 2009-10-21 09:10 888832 ----a-w- c:\windows\system32\nvapi.dll
    2009-09-27 20:12 . 2009-10-21 09:10 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2009-09-27 20:12 . 2009-10-21 09:10 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
    2009-09-27 20:12 . 2009-10-21 09:10 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-09-27 20:12 . 2009-10-21 09:10 2007040 ----a-w- c:\windows\system32\nvcuda.dll
    2009-09-27 20:12 . 2009-10-21 09:10 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-09-27 20:12 . 2009-10-21 09:10 170600 ----a-w- c:\windows\system32\nvcodins.dll
    2009-09-27 20:12 . 2009-10-21 09:10 170600 ----a-w- c:\windows\system32\nvcod.dll
    2009-09-27 20:12 . 2009-10-21 09:10 1604482 ----a-w- c:\windows\system32\nvdata.bin
    2009-09-27 20:12 . 2009-10-21 09:10 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
    2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
    2009-09-11 14:18 . 2008-04-25 16:16 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:00 . 2008-04-25 16:16 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-14 17:36 . 2009-08-14 17:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
    2009-08-06 23:24 . 2008-04-25 21:27 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-06 23:24 . 2008-04-25 21:27 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-06 23:24 . 2008-10-16 19:09 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-06 23:24 . 2008-04-25 21:27 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-06 23:24 . 2008-04-25 21:27 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-08-06 23:24 . 2008-04-25 16:16 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-06 23:23 . 2008-04-25 21:27 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-06 23:23 . 2008-04-25 21:27 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-05 09:01 . 2008-04-25 16:16 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-05-15 01:02 . 2009-05-15 01:02 3392872 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
    2009-05-15 01:02 . 2009-05-15 01:02 3298152 ----a-w- c:\program files\Common Files\adlmint.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-05-30 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-19 203296]
    "AlienFX Controller"="c:\program files\Alienware\AlienFX\AlienwareAlienFXController.exe" [2009-02-18 45056]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2009-07-27 24064]

    c:\documents and settings\Eric\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-6-5 708608]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-10-22 18:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^Eric^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
    path=c:\documents and settings\Eric\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
    backup=c:\windows\pss\Neverwinter Nights Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "stllssvr"=3 (0x3)
    "SessionLauncher"=2 (0x2)
    "SeaPort"=2 (0x2)
    "idsvc"=3 (0x3)
    "GoToAssist"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\killingfloor\\System\\KillingFloor.exe"=
    "c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [10/22/2009 5:55 PM 4408616]
    R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [10/22/2009 5:55 PM 112936]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/21/2009 4:10 AM 198168]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/21/2009 4:10 AM 1353240]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/21/2009 4:10 AM 73752]
    R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [10/21/2009 4:10 AM 1232920]
    S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 4:36 PM 86016]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [6/10/2009 10:59 AM 166384]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [10/21/2009 1:27 AM 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/21/2009 4:10 AM 198168]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/21/2009 4:10 AM 1353240]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/21/2009 4:10 AM 73752]
    S3 PCDSRVC{A762A74B-20E584C3-06000000}_0;PCDSRVC{A762A74B-20E584C3-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\HWDiag\bin\pcdsrvc.pkms [4/27/2009 6:16 PM 20856]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [6/10/2009 10:58 AM 1124848]
    S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [6/10/2009 10:59 AM 309744]
    S4 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBR
    *Deregistered* - mbr
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\41xieux7.default\
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
    AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
    AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-02 23:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTxfiHlp = CTXFIHLP.EXE?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{A762A74B-20E584C3-06000000}_0]
    "ImagePath"="\??\c:\program files\dell support center\hwdiag\bin\pcdsrvc.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(692)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    - - - - - - - > 'explorer.exe'(2492)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\program files\WTouch\WTouchUser.exe
    c:\windows\SYSTEM32\CTXFISPI.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\Common Files\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\program files\McAfee\MSK\MskSrver.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\WTablet\Pen_TabletUser.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Alienware\AlienFX\AlienFXHook32Mngr.exe
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-03 23:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-03 04:16

    Pre-Run: 396,938,461,184 bytes free
    Post-Run: 397,323,915,264 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - 641B78F7BD59C486FD84FD8D173A14DB





    ********************************************************
    One thing to note about the HijackThis log, and I don't know if this will affect anything, but I had to install it to a different location than the default, as it was still being blocked.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:22:48 PM, on 11/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WTouch\WTouchService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Program Files\WTouch\WTouchUser.exe
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Alienware\AlienFX\AlienFXHook32Mngr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\TM\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [AlienFX Controller] "C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: SketchBook Snapshot.lnk = C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s.../SysProExe.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

    --
    End of file - 11464 bytes

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    That looks good

    Please rerun win32kdiag and post back its log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #10
    Junior Member
    Join Date
    Oct 2009
    Location
    Orlando, FL
    Posts
    10

    Win32Diag log

    Running from: C:\Documents and Settings\Eric\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Eric\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...





    Finished!
