avr09,braviax.exe. and possible others (unable to get dds to run)


This topic is locked
22 replies to this topic

#1 xXTetsujinXx


Posted 14 September 2009 - 06:18 PM

Since I couldn't get DDS to run, I was told to use System Repair Engineer. Here's my log file:


2009-09-14,15:43:07

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
	<msnmsgr><"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
	<Aim6><>  [N/A]
	<updateMgr><"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1>  [File is missing]
	<TomTomHOME.exe><"C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s>  [(Verified)TomTom International BV]
	<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
	<SansaDispatch><"C:\Documents and Settings\HP_Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe">  [SanDisk Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<HPHUPD08><"c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe">  [Hewlett-Packard]
	<HPBootOp><"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run>  [Hewlett-Packard Company]
	<LSBWatcher><c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe>  [Hewlett-Packard Company]
	<HP Software Update><"C:\Program Files\HP\HP Software Update\HPwuSchd2.exe">  [Hewlett-Packard Co.]
	<Lexmark X1100 Series><"C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe">  [Lexmark International, Inc.]
	<itype><"C:\Program Files\Microsoft IntelliType Pro\itype.exe">  [(Verified)Microsoft Corporation]
	<IntelliPoint><"C:\Program Files\Microsoft IntelliPoint\ipoint.exe">  [(Verified)Microsoft Corporation]
	<SiSPower><"Rundll32.exe" SiSPower.dll,ModeAgent>  [Silicon Integrated Systems Corporation]
	<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
	<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
	<osCheck><"C:\Program Files\Norton AntiVirus\osCheck.exe">  [File is missing]
	<SMSERIAL><sm56hlpr.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Motive SmartBridge><C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe>  [Motive Communications, Inc.]
	<Symantec PIF AlertEng><"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll">  [File is missing]
	<QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
	<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
	<Zune Launcher><"c:\Program Files\Zune\ZuneLauncher.exe">  [(Verified)Microsoft Corporation]
	<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
	<diyogijaha><Rundll32.exe "C:\WINDOWS\system32\buyenayo.dll",s>  []
	<SpySweeper><"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray>  [(Verified)"Webroot Software, Inc."]
	<doyageyad><Rundll32.exe "c:\windows\system32\sujehihu.dll",a>  []
	<winupdate.exe><C:\WINDOWS\system32\winupdate.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><C:\WINDOWS\system32\cru629.dat c:\windows\system32\sujehihu.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
	<SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
	<UPnPMonitor><C:\WINDOWS\system32\upnpui.dll>  [(Verified)Microsoft Windows Publisher]
	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
	<yejuzerak><c:\windows\system32\sujehihu.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
	<WinlogonNotify: WRNotifier><WRLogonNTF.dll>  [(Verified)"Webroot Software, Inc."]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}><C:\WINDOWS\system32\tajf83ikdmf.dll>  []
	<{ec82ff88-dbee-4945-95b3-1738ec6068f7}><c:\windows\system32\sujehihu.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{19FB76C6-DBEF-44B5-A053-ECDF5F855A07}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
	<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
	<IE Tour Reset Stub><C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12>  [File is missing]

==================================
Startup Folders
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[HughesNet Tools]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HughesNet Tools.lnk --> C:\PROGRA~1\HUGHES~1\bin\matcli.exe [Motive Communications, Inc.]><N>

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Google Update Service (gupdate) / gupdate][Stopped/Auto Start]
  <"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc><Google Inc.>
[Google Software Updater / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[LexBce Server / LexBceS][Running/Auto Start]
  <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Boot Start]
  <\SystemRoot\C:\WINDOWS\system32\HPZipm12.exe><(File is missing)>
[Remote Access Connection Manager / RasMan][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasmans.dll><Microsoft Corporation>
[TomTomHOMEService / TomTomHOMEService][Running/Auto Start]
  <C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe><TomTom>
[Viewpoint Manager Service / Viewpoint Manager Service][Running/Auto Start]
  <"C:\Program Files\Viewpoint\Common\ViewpointService.exe"><Viewpoint Corporation>
[Webroot Spy Sweeper Engine / WebrootSpySweeperService][Stopped/Auto Start]
  <C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe><N/A>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
  <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>
[Yahoo! Updater / YahooAUService][Running/Auto Start]
  <"C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"><Yahoo! Inc.>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[Promise driver accelerator / bb-run][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[ftsata2 / ftsata2][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ftsata2.sys><Promise Technology, Inc.>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
  <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[Intel RAID Controller / iaStor][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[Intel Processor Driver / intelppm][Stopped/Disabled]
  <system32\DRIVERS\intelppm.sys><N/A>
[MRENDIS5 NDIS Protocol Driver / MRENDIS5][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS><Motive, Inc.>
[PCD5SRVC - PCDR Kernel Mode Service Helper Driver / PCD5SRVC][Stopped/Manual Start]
  <\??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms><PC-Doctor, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiS315 / SiS315][Running/Manual Start]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[smserial / smserial][Running/Manual Start]
  <system32\DRIVERS\smserial.sys><Motorola Inc.>
[Spy Sweeper File System Filer Driver: 0509 / SSFS0509][Running/Boot Start]
  <\SystemRoot\SYSTEM32\Drivers\SSFS0509.SYS><Webroot Software Inc (www.webroot.com)>
[Spy Sweeper File System Filer Driver: 0BB8 / SSFS0BB8][Running/Boot Start]
  <\SystemRoot\SYSTEM32\Drivers\SSFS0BB8.SYS><Webroot Software Inc (www.webroot.com)>
[Spy Sweeper Hookrack MiniDriver / SSHRMD][Running/Boot Start]
  <\SystemRoot\SYSTEM32\Drivers\SSHRMD.SYS><Webroot Software Inc (www.webroot.com)>
[Spy Sweeper Interdiction Driver / SSIDRV][Running/Boot Start]
  <\SystemRoot\SYSTEM32\Drivers\SSIDRV.SYS><Webroot Software Inc (www.webroot.com)>
[Webroot Spy Sweeper Keylogger Shield Keyboard Filter / SSKBFD][Running/Manual Start]
  <System32\Drivers\sskbfd.sys><Webroot Software Inc (www.webroot.com)>
[SymEvent / SymEvent][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080926.001\SymIDSCo.sys><N/A>
[tmcomm / tmcomm][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>
[USBIO Driver (usbio.sys) / USBIO][Stopped/Manual Start]
  <System32\Drivers\usbio.sys><Thesycon GmbH, Germany>

==================================
Browser Add-ons
[&Yahoo! Toolbar Helper]
  {02478D38-C3F9-4efb-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, (Signed) Yahoo! Inc.>
[C:\WINDOWS\system32\tajf83ikdmf.dll]
  {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} <C:\WINDOWS\system32\tajf83ikdmf.dll, N/A>
[]
  {c89350f0-3372-4ce3-96b5-2e2e24f57184} <C:\WINDOWS\system32\jinorije.dll, N/A>
[Java Plug-in 1.6.0_02]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[AIM]
  {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:\Program Files\AIM\aim.exe, (Signed) America Online, Inc.>
[Run IMVU]
  {d9288080-1baa-4bc4-9cf8-a92d743db949} <C:\Documents and Settings\HP_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk, N/A>
[Connection Help]
  {E2D4D26B-0180-43a4-B05F-462D6D54C789} <, >
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[MSN]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, (Signed) Yahoo! Inc.>
[Google Toolbar]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[OSInfo Control]
  {05317530-B882-449D-9421-18D94FA3ED34} <C:\WINDOWS\OSInfo.ocx, hiChannel>
[SiS_OCX Control]
  {16095503-786F-4097-AED6-5D567A26D760} <C:\WINDOWS\SiS_OCX.ocx, SiS>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[System Requirements Lab Class]
  {1E54D648-B804-468d-BC78-4AFFED8E262E} <C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll, (Signed) Husdawg, LLC>
[Checkers Class]
  {20A60F0D-9AFA-4515-A0FD-83BD84642501} <C:\WINDOWS\Downloaded Program Files\msgrchkr.dll, (Signed) Microsoft Corporation>
[Symantec Script Runner Class]
  {44990301-3C9D-426D-81DF-AAB636FA4345} <C:\WINDOWS\Downloaded Program Files\tgctlsr.dll, (Signed) Symantec, Inc.>
[Solitaire Showdown Class]
  {5C051655-FCD5-4969-9182-770EA5AA5565} <C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll, (Signed) Microsoft Corporation>
[UnoCtrl Class]
  {5D6F45B3-9043-443D-A792-115447494D24} <C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll, (Signed) Microsoft>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[MJLauncherCtrl Class]
  {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} <C:\WINDOWS\Downloaded Program Files\mjolauncher.dll, MumboJumbo Online>
[Java Plug-in 1.6.0_02]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[MSN Games - Installer]
  {B8BE5E93-A60C-4D26-A2DC-220313175592} <C:\WINDOWS\Downloaded Program Files\ZIntro.ocx, (Signed) Microsoft Corporation>
[CBreakshotControl Class]
  {BD393C14-72AD-4790-A095-76522973D6B8} <C:\WINDOWS\Downloaded Program Files\banksht2.dll, (Signed) pixelStorm entertainment studios Inc.>
[MessengerStatsClient Class]
  {C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.5.0]
  {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, (Signed) Sun Microsystems, Inc.>
[WheelofFortune Object]
  {DA758BB1-5F89-4465-975F-8D7179A4BCF3} <C:\WINDOWS\Downloaded Program Files\WoF.ocx, (Signed) Microsoft Corporation>
[Minesweeper Flags Class]
  {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} <C:\WINDOWS\Downloaded Program Files\MineSweeper.dll, (Signed) Microsoft Corporation>
[GoPetsWeb Control]
  {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} <C:\WINDOWS\DOWNLO~1\GOPETS~1.OCX, (Signed) GoPets LTD>
[]
  {00000000-0000-0000-0000-000000000000} <, >
[]
  {00000000-0000-0000-0000-000000000002} <, >
[&Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, (Signed) Yahoo! Inc.>
[OSInfo Control]
  {05317530-B882-449D-9421-18D94FA3ED34} <C:\WINDOWS\OSInfo.ocx, hiChannel>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[]
  {0FBB9689-D3D7-4F7A-A2E2-585B10099BFC} <, >
[]
  {15F4D456-5BAA-4076-8486-EECB38CD3E57} <, >
[SiS_OCX Control]
  {16095503-786F-4097-AED6-5D567A26D760} <C:\WINDOWS\SiS_OCX.ocx, SiS>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[System Requirements Lab Class]
  {1E54D648-B804-468D-BC78-4AFFED8E262E} <C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll, (Signed) Husdawg, LLC>
[Google Toolbar]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XSL Template]
  {2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {3369AF0D-62E9-4BDA-8103-B4C75499B578} <, >
[]
  {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <, >
[Symantec Script Runner Class]
  {44990301-3C9D-426D-81DF-AAB636FA4345} <C:\WINDOWS\Downloaded Program Files\tgctlsr.dll, (Signed) Symantec, Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Accelerator Plugin]
  {656EC4B7-072B-4698-B504-2A414C1F0037} <C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {6D53EC84-6AAE-4787-AEEE-F4628F01010C} <, >
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Java Plug-in 1.6.0_02]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[ST]
  {9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[]
  {A8FB8EB3-183B-4598-924D-86F0E5E37085} <, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[]
  {AC9E2541-2814-11D5-BC6D-00B0D0A1DE45} <, >
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll, (Signed) Google Inc.>
[MSN]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[MSNToolBandBHO]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[]
  {BDF3E430-B101-42AD-A544-FADC6B084872} <, >
[Helper Class]
  {BF0118D4-63FF-4138-9327-F3028FB1A578} <C:\WINDOWS\web\wallpaper\welcome\AWhelper.dll, >
[C:\WINDOWS\system32\tajf83ikdmf.dll]
  {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} <C:\WINDOWS\system32\tajf83ikdmf.dll, N/A>
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll, (Signed) Google Inc.>
[]
  {C89350F0-3372-4CE3-96B5-2E2E24F57184} <C:\WINDOWS\system32\jinorije.dll, N/A>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D9288080-1BAA-4BC4-9CF8-A92D743DB949} <, >
[]
  {DE9C389F-3316-41A7-809B-AA305ED9D922} <, >
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, (Signed) Microsoft Corporation>
[]
  {E2D4D26B-0180-43A4-B05F-462D6D54C789} <, >
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, (Signed) Yahoo! Inc.>
[Runclose Control]
  {F31D1897-7EFD-4647-8687-E05894E382AB} <C:\WINDOWS\system32\runclose.ocx, Hewlett-Packard Company>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document]
  {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[SingleInstance Class]
  {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll, (Signed) Yahoo! Inc>

==================================
Running Processes
[PID: 456 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\WRLogonNTF.dll]  [Webroot Software, Inc., 3,5,6,56]
[PID: 616 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233)]
[PID: 632 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
[PID: 792 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
[PID: 912 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
[PID: 964 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
	[c:\windows\system32\rasmans.dll]  [Microsoft Corporation, 5.1.2600.2908 (xpsp_sp2_gdr.060513-0343)]
[PID: 1008 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1164 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
[PID: 1256 / SYSTEM][C:\WINDOWS\system32\LEXBCES.EXE]  [Lexmark International, Inc., 8.29]
	[C:\WINDOWS\system32\lexp2p32.dll]  [Lexmark International, Inc., 8.29]
	[C:\WINDOWS\system32\lex2kusb.dll]  [Lexmark International, Inc., 8.29]
[PID: 1292 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\HpTcpMon.dll]  [Hewlett Packard, 5.01.00.011]
	[C:\WINDOWS\system32\hpzjrd01.dll]  [Hewlett Packard, 2.01.00.003]
	[C:\WINDOWS\system32\HPTcpMUI.dll]  [Microsoft Corporation, 5.01.00.011]
	[C:\WINDOWS\system32\hptcpmib.dll]  [Hewlett Packard, 5.01.00.011]
	[C:\WINDOWS\system32\LEXLMPM.DLL]  [Lexmark International, Inc., 8.29]
	[C:\WINDOWS\system32\LexBce.dll]  [Lexmark International, Inc., 8.29]
	[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBKPP5C.dll]  [, 1.0.0.0]
	[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\WfxPrint2000.dll]  [BVRP Software, 5.05 built by: WinDDK]
	[C:\WINDOWS\system32\LXBKpwr.dll]  [Lexmark International, Inc., 0, 1, 61, 1]
[PID: 1300 / SYSTEM][C:\WINDOWS\system32\LEXPPS.EXE]  [Lexmark International, Inc., 8.29]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
	[C:\WINDOWS\system32\LEXBCE.DLL]  [Lexmark International, Inc., 8.29]
[PID: 1452 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1484 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple, Inc., 1, 14, 0, 0]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
[PID: 1616 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 1684 / SYSTEM][C:\Program Files\Google\Update\GoogleUpdate.exe]  [Google Inc., 1.2.131.7]
	[C:\Program Files\Google\Update\1.2.183.7\goopdate.dll]  [Google Inc., 1.2.183.7]
[PID: 1736 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\Program Files\Lexmark X1100 Series\lxbkmcro.dll]  [Lexmark International, Inc., 0.1.1.1]
	[C:\Program Files\Lexmark X1100 Series\ConvDIB.dll]  [N/A, ]
	[C:\Program Files\Lexmark X1100 Series\rtscan.dll]  [Funai, 4, 0, 0, 2]
[PID: 1788 / SYSTEM][C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe]  [Google Inc., 1.2.183.7]
	[C:\Program Files\Google\Update\1.2.183.7\goopdate.dll]  [Google Inc., 1.2.183.7]
[PID: 1808 / SYSTEM][C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe]  [TomTom, 2, 6, 0, 1]
[PID: 1924 / SYSTEM][C:\Program Files\Viewpoint\Common\ViewpointService.exe]  [Viewpoint Corporation, 2, 0, 0, 54]
[PID: 1992 / SYSTEM][C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe]  [Yahoo! Inc., 1.0.0.53]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
[PID: 2032 / SYSTEM][c:\WINDOWS\system32\ZuneBusEnum.exe]  [Microsoft Corporation, 2.5.447.0 (ZUNE_DORADO_V2.5_RTM.080429-1859)]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
[PID: 1084 / HP_Owner][C:\WINDOWS\system32\drivers\smss.exe]  [PROMO Software, 9.6.1.5]
[PID: 2076 / HP_Owner][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
	[\\?\globalroot\systemroot\system32\hjgruimcenxtpg.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\Program Files\Common Files\Microsoft Shared\INK\PENUSA.DLL]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\tajf83ikdmf.dll]  [N/A, ]
	[C:\PROGRA~1\HUGHES~1\SMARTB~1\SBHook.dll]  [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
	[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 2448 / HP_Owner][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2500 / HP_Owner][C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe]  [Hewlett-Packard Company, 2, 0, 5, 0]
[PID: 2536 / HP_Owner][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe]  [Hewlett-Packard Co., 53.0.13.000]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2552 / HP_Owner][C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe]  [Lexmark International, Inc., 0.1.1.1]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2564 / HP_Owner][C:\Program Files\Microsoft IntelliType Pro\itype.exe]  [Microsoft Corporation, 6.01.252.0]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2580 / HP_Owner][C:\Program Files\Microsoft IntelliPoint\ipoint.exe]  [Microsoft Corporation, 6.01.250.0]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2616 / HP_Owner][C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.20.6]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
[PID: 2624 / HP_Owner][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2660 / HP_Owner][C:\WINDOWS\sm56hlpr.exe]  [Motorola Inc., 6.10.01]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[C:\WINDOWS\sm56eng.dll]  [N/A, ]
	[C:\WINDOWS\sm56fra.dll]  [N/A, ]
	[C:\WINDOWS\sm56brz.dll]  [N/A, ]
	[C:\WINDOWS\sm56chs.dll]  [N/A, ]
	[C:\WINDOWS\sm56cht.dll]  [N/A, ]
	[C:\WINDOWS\sm56ger.dll]  [N/A, ]
	[C:\WINDOWS\sm56itl.dll]  [N/A, ]
	[C:\WINDOWS\sm56jpn.dll]  [N/A, ]
	[C:\WINDOWS\sm56spn.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2728 / HP_Owner][C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe]  [Lexmark International, Inc., 0.1.1.1]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2736 / HP_Owner][C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe]  [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
	[C:\PROGRA~1\HUGHES~1\SMARTB~1\httpclient52.dll]  [Motive Communications, Inc., 1.07.01]
	[C:\PROGRA~1\HUGHES~1\SMARTB~1\clientutil52.dll]  [Motive Communications, Inc., 1.07.01]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[C:\PROGRA~1\HUGHES~1\SMARTB~1\SBRes.dll]  [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\PROGRA~1\HUGHES~1\SMARTB~1\alertfilter.dll]  [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
	[C:\PROGRA~1\HUGHES~1\SMARTB~1\SBHook.dll]  [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2816 / HP_Owner][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Inc., 7.6.2.9]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Inc., 7.6.2.9]
	[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Inc., 7.6.2.9]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\Program Files\QuickTime\QTSystem\QuickTime.qts]  [Apple Inc., 7.4.5]
	[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll]  [Apple Inc., 7, 6, 120, 1]
	[C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
	[C:\PROGRA~1\HUGHES~1\SMARTB~1\SBHook.dll]  [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2844 / HP_Owner][C:\Program Files\Zune\ZuneLauncher.exe]  [Microsoft Corporation, 2.5.447.0 (ZUNE_DORADO_V2.5_RTM.080429-1859)]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2956 / HP_Owner][C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe]  [Webroot Software, Inc., 5,5,7,48]
	[C:\Program Files\Webroot\Spy Sweeper\wrid.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[C:\Program Files\Webroot\Spy Sweeper\language.dll]  [Webroot Software, Inc., 5,5,7,48]
	[C:\PROGRA~1\HUGHES~1\SMARTB~1\SBHook.dll]  [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 2996 / HP_Owner][C:\WINDOWS\system32\winupdate.exe]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
	[C:\PROGRA~1\HUGHES~1\SMARTB~1\SBHook.dll]  [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 3012 / HP_Owner][C:\WINDOWS\system32\braviax.exe]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 3496 / HP_Owner][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
	[C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\gtn.dll]  [Google Inc., 5, 1, 1309, 15642]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll]  [Google Inc., 5, 1, 1309, 15642]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 3604 / HP_Owner][C:\Documents and Settings\HP_Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe]  [SanDisk Corporation, 1, 0, 0, 9]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
[PID: 852 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Inc., 7.6.2.9]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Inc., 7.6.2.9]
	[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Inc., 7.6.2.9]
[PID: 756 / HP_Owner][C:\Documents and Settings\HP_Owner\Application Data\U3\3954030C6DD2FA3A\LaunchPad.exe]  [, 1.6.1.2]
	[C:\Documents and Settings\HP_Owner\Application Data\U3\3954030C6DD2FA3A\u3dapi10.dll]  [, 1, 0, 9, 0]
	[C:\PROGRA~1\HUGHES~1\SMARTB~1\SBHook.dll]  [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[C:\Documents and Settings\HP_Owner\Application Data\U3\3954030C6DD2FA3A\LPSecurityExtension.dll]  [U3, 1.6.1.1]
	[C:\Documents and Settings\HP_Owner\Application Data\U3\3954030C6DD2FA3A\PelicanExtension.dll]  [SanDisk, 1.6.1.1]
	[C:\Documents and Settings\HP_Owner\Application Data\U3\3954030C6DD2FA3A\SanDiskFormatExtension.dll]  [TODO: <Company name>, 1.6.1.1]
	[C:\Program Files\Common Files\Microsoft Shared\INK\PENUSA.DLL]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2192 / HP_Owner][L:\Documents\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 1600 / HP_Owner][L:\Documents\sreng2\SRE4fd299f5.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
	[C:\PROGRA~1\HUGHES~1\SMARTB~1\SBHook.dll]  [Motive Communications, Inc., 5.8.22.asst_classic.smartbridge.20060421_153000]
	[c:\windows\system32\sujehihu.dll]  [N/A, ]
	[C:\WINDOWS\system32\buyenayo.dll]  [N/A, ]
	[C:\WINDOWS\system32\jinorije.dll]  [N/A, ]
	[L:\Documents\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
VSockets Library over [MSAFD Tcpip [TCP/IP]]
	C:\WINDOWS\system32\winhelper.dll(, N/A)
VSockets Library
	C:\WINDOWS\system32\winhelper.dll(, N/A)

==================================
Autorun.Inf
[D:\]
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1484, C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\VIEWPOINT\COMMON\VIEWPOINTSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2500, C:\PROGRAM FILES\HEWLETT-PACKARD\HP BOOT OPTIMIZER\HPBOOTOP.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2536, C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2552, C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2624, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2736, C:\PROGRA~1\HUGHES~1\SMARTB~1\MOTIVESB.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2996, C:\WINDOWS\SYSTEM32\WINUPDATE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3012, C:\WINDOWS\SYSTEM32\BRAVIAX.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3604, C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\SANDISK\SANSA UPDATER\SANSADISPATCH.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3836, C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 756, C:\DOCUMENTS AND SETTINGS\HP_OWNER\APPLICATION DATA\U3\3954030C6DD2FA3A\LAUNCHPAD.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2192, L:\DOCUMENTS\SRENG2\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] {7B02EF0B-A410-4938-8480-9BA26420A627}.job
		C:\WINDOWS\TEMP\cpv.exe 
[Enabled] wrSpySweeper_LCBE36F8B92194E46B8C883F53825EB7A.job
		C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe 
[Enabled] GoogleUpdateTaskMachineUA.job
		C:\Program Files\Google\Update\GoogleUpdate.exe 
[Enabled] GoogleUpdateTaskMachineCore.job
		C:\Program Files\Google\Update\GoogleUpdate.exe 

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================
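
The "Running Processes" section above lists, for every process, the modules it has loaded together with the publisher and version SREng could read from each file. As an added example (not from the poster, from SREng, or from anyone else in this thread), the following Python script parses that layout and pulls out the three things a responder reads such a section for: modules mapped from a raw device-object path (`\\?\globalroot\Device\...`) instead of a normal file-system path, unknown-publisher DLLs that show up inside many unrelated processes (the loaded-everywhere pattern of injected code), and process images with no publisher at all. The sample log embedded in the script is constructed in the same layout as the log above; the function names and the `min_procs` threshold are my own choices, not anything SREng provides.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample in the SREng "Running Processes" layout used in the log
# above (process line, then one indented line per loaded module). SREng indents
# module lines with a tab; the parser accepts any leading whitespace.
SAMPLE_LOG = r"""
[PID: 616 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233)]
[PID: 632 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
[PID: 792 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [\\?\globalroot\Device\__max++>\4EB8329E.x86.dll]  [N/A, ]
    [C:\WINDOWS\system32\winhelper.dll]  [N/A, ]
[PID: 2076 / HP_Owner][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 3012 / HP_Owner][C:\WINDOWS\system32\braviax.exe]  [N/A, ]
    [C:\WINDOWS\system32\nezusena.dll]  [N/A, ]
"""

PROC_RE = re.compile(r"^\[PID: (?P<pid>\d+) / (?P<user>[^\]]+)\]\[(?P<path>[^\]]+)\]\s+\[(?P<info>.*)\]\s*$")
MODULE_RE = re.compile(r"^\s+\[(?P<path>[^\]]+)\]\s+\[(?P<info>.*)\]\s*$")
DEVICE_PREFIX = r"\\?\globalroot\device"  # compared against lower-cased paths


@dataclass
class Module:
    path: str
    publisher: str
    verified: bool


@dataclass
class Process:
    pid: int
    user: str
    path: str
    publisher: str
    verified: bool
    modules: list = field(default_factory=list)


def split_info(info: str):
    """'(Verified) Microsoft Corporation, 5.1...' -> ('Microsoft Corporation', True)
    'N/A, ' -> ('N/A', False);  ', 1.0.0.0' -> ('', False)"""
    verified = info.startswith("(Verified)")
    publisher = info.split(",", 1)[0].strip()
    if verified:
        publisher = publisher[len("(Verified)"):].strip()
    return publisher, verified


def parse_processes(text: str):
    """Turn the section into Process objects, each carrying its Module list."""
    procs, current = [], None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            publisher, verified = split_info(m["info"])
            current = Process(int(m["pid"]), m["user"], m["path"], publisher, verified)
            procs.append(current)
            continue
        m = MODULE_RE.match(line)
        if m and current is not None:  # module lines belong to the last process seen
            publisher, verified = split_info(m["info"])
            current.modules.append(Module(m["path"], publisher, verified))
    return procs


def triage(procs, min_procs: int = 2):
    """Indicators: device-object-path modules, unknown-publisher modules loaded in
    at least min_procs processes, and processes whose image has no publisher."""
    device_loads = defaultdict(set)
    unknown_loads = defaultdict(set)
    unknown_procs = []
    for p in procs:
        if p.publisher in ("", "N/A"):
            unknown_procs.append((p.pid, p.path))
        for mod in p.modules:
            key = mod.path.lower()
            if key.startswith(DEVICE_PREFIX):
                device_loads[key].add(p.pid)
            elif mod.publisher in ("", "N/A"):
                unknown_loads[key].add(p.pid)
    return {
        "device_path_modules": {k: sorted(v) for k, v in device_loads.items()},
        "widespread_unknown_modules": {k: sorted(v) for k, v in unknown_loads.items() if len(v) >= min_procs},
        "unknown_publisher_processes": unknown_procs,
    }


if __name__ == "__main__":
    for name, hits in triage(parse_processes(SAMPLE_LOG)).items():
        print(name)
        for hit in (hits.items() if isinstance(hits, dict) else hits):
            print("   ", hit)
```

On the sample, the device-path module and `nezusena.dll` (present in three unrelated processes) are reported while `winhelper.dll`, seen in only one process here, is not; raise or lower `min_procs` to tune that. A missing publisher is a weak signal on its own (several legitimate printer and vendor DLLs in the log above also show `N/A`), which is why the script separates the prevalence and device-path findings from the plain unsigned-image list rather than collapsing them into one score.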



#2 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 15 September 2009 - 07:00 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 xXTetsujinXx

  • Topic Starter

  • Members
  • 22 posts

Posted 15 September 2009 - 07:42 PM

I tried running ComboFix and it began to run, then just disappeared; now whenever I click on the icon it does nothing. Before that my computer shut itself off; it said something about DCOM or something, I can't really remember because it went so fast. Nothing appears to be different with the computer so far. The only scan-related thing to run successfully on my computer is the program that made that log file I posted; everything else seems to just not start or just stop working out of nowhere.

#4 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 16 September 2009 - 07:23 AM

Please download and run Win32kDiag:
Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========

Please post the following logs in your next reply:

* Win32kDiag.txt
* Log.txt


========================================================

#5 xXTetsujinXx

  • Topic Starter

  • Members
  • 22 posts

Posted 16 September 2009 - 03:37 PM

Both of the scans ran fine; here are the logs.


Running from: L:\Win32kDiag.exe

Log file at : C:\Documents and Settings\HP_Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1023.tmp\ZAP1023.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP110C.tmp\ZAP110C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1129.tmp\ZAP1129.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF75.tmp\ZAPF75.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CONFLICT.1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4fb06badf893aaaff075a5955e07f0f6\emerald\emerald

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6d16348987bfa3ee3fd983361ac371cb\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2008-04-13 20:12:18 10752 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\dumprep.exe (Microsoft Corporation)

[1] 2004-08-04 08:00:00 10752 C:\WINDOWS\system32\dllcache\dumprep.exe (Microsoft Corporation)

[1] 2004-08-04 08:00:00 10752 C:\WINDOWS\system32\dumprep.exe ()



Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)

[1] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2004-08-04 08:00:00 62464 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)





Finished!


and here's the second log

Volume in drive C is HP_PAVILION
Volume Serial Number is 10BC-80AE

Directory of C:\WINDOWS\$hf_mig$\KB968389\SP2QFE

02/06/2009 02:46 PM 408,064 netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp2qfe

02/06/2009 02:46 PM 408,064 netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

08/04/2004 08:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32

08/04/2004 08:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

08/04/2004 08:00 AM 62,464 eventlog.dll
3 File(s) 649,728 bytes

Directory of C:\WINDOWS\system32\dllcache

08/04/2004 08:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32\dllcache

08/04/2004 08:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32\dllcache

08/04/2004 08:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Total Files Listed:
11 File(s) 2,753,536 bytes
0 Dir(s) 38,770,388,992 bytes free

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 16 September 2009 - 05:39 PM

Please follow these steps first:
  • Click on the Start button, then click on Run...
  • In the empty "Open:" box provided, type cmd and press Enter
    • This will launch a Command Prompt window (looks like DOS).
  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

    copy C:\WINDOWS\system32\dllcache\eventlog.dll C:\ /y

  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
  • Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"
    NOTE: If you didn't get this message, stop everything and come back and tell me first. Executing The Avenger script (step #2) won't work if the file copy was not successful.
  • Exit the Command Prompt window.

===============================
Next set of steps...


Please disable your antivirus program.
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.

    Files to move:
    C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll
  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
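As an added illustration (not part of the thread, and not the helper's own tooling), this is the check behind the copy step above: in the dir listing posted earlier, eventlog.dll in system32 is 62,464 bytes while the dllcache copy is 55,808 bytes and the Windows Update copy 56,320 bytes, whereas netlogon.dll and scecli.dll agree across locations. The Python below parses that listing (reproduced as constructed sample input, consolidated per directory) and flags any file whose live copy differs in size from the protected dllcache copy.

```python
import re
from collections import defaultdict

# Constructed sample input: the relevant lines of the `dir` output posted in this
# thread, with the sizes shown there, consolidated to one block per directory.
DIR_LISTING = r"""
 Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:12 PM 181,248 scecli.dll
04/13/2008 08:12 PM 407,040 netlogon.dll
04/13/2008 08:11 PM 56,320 eventlog.dll

 Directory of C:\WINDOWS\system32

08/04/2004 08:00 AM 180,224 scecli.dll
08/04/2004 08:00 AM 407,040 netlogon.dll
08/04/2004 08:00 AM 62,464 eventlog.dll

 Directory of C:\WINDOWS\system32\dllcache

08/04/2004 08:00 AM 180,224 scecli.dll
08/04/2004 08:00 AM 407,040 netlogon.dll
08/04/2004 08:00 AM 55,808 eventlog.dll
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# date, time, AM/PM, size with thousands separators, file name
FILE_RE = re.compile(r"^\S+ \S+ [AP]M\s+([\d,]+)\s+(\S+)\s*$")

def parse_dir_listing(text):
    """Return {filename: {directory: size_in_bytes}} from `dir`-style output."""
    sizes = defaultdict(dict)
    current = None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m and current:
            sizes[m.group(2).lower()][current] = int(m.group(1).replace(",", ""))
    return sizes

def find_size_mismatches(sizes, live_dir, backup_dir):
    """Files present in both directories whose sizes differ; a size match is only a
    weak negative (compare hashes when possible, and remember the backup itself
    can be tampered with), but a mismatch on a system DLL deserves a closer look."""
    return {name: (d[live_dir], d[backup_dir]) for name, d in sizes.items()
            if live_dir in d and backup_dir in d and d[live_dir] != d[backup_dir]}

if __name__ == "__main__":
    found = find_size_mismatches(parse_dir_listing(DIR_LISTING),
                                 r"C:\WINDOWS\system32", r"C:\WINDOWS\system32\dllcache")
    for name, (live, backup) in found.items():
        print(f"{name}: system32={live} bytes, dllcache={backup} bytes -> inspect")
```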

#7 xXTetsujinXx

xXTetsujinXx
  • Topic Starter

  • Members
  • 22 posts

Posted 16 September 2009 - 11:58 PM

I have a problem. I got a message that says Windows can't access the device, path, or file.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 17 September 2009 - 07:25 AM

At what point do you get this message?

#9 xXTetsujinXx

xXTetsujinXx
  • Topic Starter

  • Members
  • 22 posts

Posted 17 September 2009 - 01:33 PM

I get it after I copy and paste the blue text and click OK.

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 17 September 2009 - 05:36 PM

Try this command:

copy C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll C:\ /y

#11 xXTetsujinXx

xXTetsujinXx
  • Topic Starter

  • Members
  • 22 posts

Posted 17 September 2009 - 05:51 PM

Okay, it copied the file this time. I'm downloading The Avenger now.

#12 xXTetsujinXx

xXTetsujinXx
  • Topic Starter

  • Members
  • 22 posts

Posted 17 September 2009 - 10:08 PM

Okay, it copied the file this time. I'm downloading The Avenger now.


Oh, I almost forgot to ask: can I still use the same code given in the directions for using The Avenger?

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 18 September 2009 - 07:12 AM

Yes, that code won't have changed.

#14 xXTetsujinXx

xXTetsujinXx
  • Topic Starter

  • Members
  • 22 posts

Posted 18 September 2009 - 11:14 AM

Here's my log file for The Avenger.


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 September 2009 - 03:49 PM

First you must move win32kdiag.exe to your desktop.
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.



========================



Now delete any copy of combofix.exe that you have if you downloaded it previously.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.




