Computer infected; No spyware removal programs working
Join Date: Sep 2009
Posts: 10
Reputation:
Solved Threads: 0
My computer is infected and barely any options are working. I read the 'Read me before posting' file and these are my results thus far:
I downloaded ATF Cleaner, and that was successful. Enabled viewing of folders, downloaded Microsoft Malicious Software Removal and that didn't work.
Malwarebytes will not work. I even tried to rename it to .com and still will not run.
I also have visible pop-ups from PreciseAd, and when I try to open Malware or HiJackThis it says I do not have proper permission to access file.
I don't know what to do. Any help would be appreciated.
Try this:
Please download FindWPP.zip and extract the FindWPP folder to your desktop.
-- Inside the folder, you'll see RunThis.bat - double-click it and let it run for as long as it takes.
A log should pop up - please post that for me.
-- As with any program that somebody on the web tells you to run, this is a "run at your own risk" proposition...
PP
Last edited by PhilliePhan; Sep 20th, 2009 at 10:48 pm. Reason: Run at own risk.....
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
Join Date: Sep 2009
Posts: 10
Reputation:
Solved Threads: 0
Thanks for your help so far! I get this error when I followed your instructions in the previous post:
Any other ideas? Online scanner actually worked, I used Kaspersky Online Scanner and got this log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 21, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 21, 2009 02:45:22
Records in database: 2864965
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics:
Objects scanned: 94629
Threats found: 21
Infected objects found: 36
Suspicious objects found: 0
Scan duration: 02:09:22
File name / Threat / Threats count
C:\Documents and Settings\Brandon\Desktop\youtube_downloader_hd_setup.exe Infected: Virus.Win32.Induc.a 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Incomplete\T-3545425-gimme more acapella.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Incomplete\T-3877632-piece of me acapella.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Paramore - Misery Business.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sim City 4 Deluxe.zip Infected: Trojan-Downloader.NSIS.Agent.bk 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sim City 4 Deluxe.zip Infected: not-a-virus:AdWare.Win32.Agent.oma 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sim City 4 Deluxe.zip Infected: Trojan-Downloader.Win32.Zlob.bjhe 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sim City 4 Deluxe.zip Infected: Trojan-Downloader.Win32.Zlob.bgzo 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sim City 4 Deluxe.zip Infected: Trojan-Downloader.Win32.Zlob.bfea 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sim City 4 Deluxe.zip Infected: Trojan-Downloader.Win32.Zlob.bfeb 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sims City 4.zip Infected: Trojan-Downloader.NSIS.Agent.bk 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sims City 4.zip Infected: not-a-virus:AdWare.Win32.Agent.oma 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sims City 4.zip Infected: Trojan-Downloader.Win32.Zlob.bjhe 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sims City 4.zip Infected: Trojan-Downloader.Win32.Zlob.bgzo 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sims City 4.zip Infected: Trojan-Downloader.Win32.Zlob.bfea 1
C:\Documents and Settings\Brandon\My Documents\FrostWire\Saved\Sims City 4.zip Infected: Trojan-Downloader.Win32.Zlob.bfeb 1
C:\Documents and Settings\Brandon\Shared\what about that janet jackson 192kb.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Program Files\Youtube Downloader HD\YouTubeDownloaderHD.exe Infected: Virus.Win32.Induc.a 1
C:\Qoobox\Quarantine\C\WINDOWS\braviax.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wsia 1
C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir Infected: Backdoor.Win32.Small.ejx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wsia 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir Infected: Backdoor.Win32.UltimateDefender.igv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Infected: Trojan.Win32.Pakes.npu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir Infected: Trojan.Win32.Inject.ajdy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.foc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xfvadbpntxx.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.oma 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir Infected: Trojan.Win32.FraudPack.tqu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Backdoor.Win32.UltimateDefender.ike 1
C:\scmhux.exe Infected: Trojan.Win32.Stuh.achw 1
C:\WINDOWS\system32\busozudi.dll Infected: Trojan.Win32.Stuh.achw 1
C:\WINDOWS\system32\dllcache\beep.sys Infected: Backdoor.Win32.UltimateDefender.igv 1
C:\WINDOWS\system32\gelapaze.dll Infected: Trojan.Win32.Stuh.achw 1
C:\WINDOWS\system32\joyabihu(2).dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\WINDOWS\system32\mewezilu(2).dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
C:\WINDOWS\system32\zivamuvo.dll Infected: Trojan.Win32.Stuh.achw 1
C:\wpfpqa.exe Infected: Packed.Win32.TDSS.y 1
Selected area has been scanned.
---------------------------------
Another user on my computer had downloaded Frostwire. Go figure, a P2P program providing viruses? I actually uninstalled that horrendous software earlier... Any other ideas? Thanks so much for your help in advance!
'echofindWPP' is not recognized as an internal or external command, operable program or batch file.
C:\PKBTEMP\plcy1.txt
C:\PKBTEMP\plcy3.txt
C:\PKBTEMP\plcy4.txt
Try again with this one: FindWPP.zip
Post the log.
Also - When did you run Combofix? If you can find a log at C:\combofix.txt, please post that as well.
PP
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
Join Date: Sep 2009
Posts: 10
Reputation:
Solved Threads: 0
Mon 09/21/2009
12:59 AM
EXE KEY MODIFIED?
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
CHECKING SELECT POLICIES KEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,52,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,00,\
54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,\
00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,00,2e,00,6d,00,73,00,73,00,74,00,\
79,00,6c,00,65,00,73,00,00,00
"InstallTheme"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,52,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,00,54,00,\
68,00,65,00,6d,00,65,00,73,00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,00,2e,\
00,74,00,68,00,65,00,6d,00,65,00,00,00
"DisableRegistryTools"=dword:00000000
LOOKING FOR REPLACED FILES
Looking for cngaudit.dll
Mon 09/21/2009
01:02 AM
EXE KEY MODIFIED?
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
CHECKING SELECT POLICIES KEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,52,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,00,\
54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,\
00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,00,2e,00,6d,00,73,00,73,00,74,00,\
79,00,6c,00,65,00,73,00,00,00
"InstallTheme"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,52,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,00,54,00,\
68,00,65,00,6d,00,65,00,73,00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,00,2e,\
00,74,00,68,00,65,00,6d,00,65,00,00,00
"DisableRegistryTools"=dword:00000000
LOOKING FOR REPLACED FILES
Looking for cngaudit.dll
No matches found.
Looking for eventlog.dll
C:\WINDOWS\I386\
eventlog.dl_ Tue Aug 10 2004 3:00:00p ..... 30,131 29.42 K
C:\WINDOWS\SYSTEM32\
eventlog.dll Tue Aug 10 2004 3:00:00p A.... 62,464 61.00 K
C:\WINDOWS\SOFTWA~1\DOWNLOAD\DD9AB5~1\
eventlog.dll Sun Apr 13 2008 8:11:54p A.... 56,320 55.00 K
3 items found: 3 files, 0 directories.
Total of file sizes: 148,915 bytes 145.42 K
Looking for imm32.dll
C:\WINDOWS\I386\
imm32.dl_ Tue Aug 10 2004 3:00:00p ..... 46,094 45.01 K
C:\WINDOWS\SYSTEM32\
imm32.dll Tue Aug 10 2004 3:00:00p A.... 110,080 107.50 K
C:\WINDOWS\SOFTWA~1\DOWNLOAD\DD9AB5~1\
imm32.dll Sun Apr 13 2008 8:11:54p A.... 110,080 107.50 K
3 items found: 3 files, 0 directories.
Total of file sizes: 266,254 bytes 260.01 K
Looking for logevent.dll
C:\WINDOWS\SYSTEM32\
logevent.dll Tue Aug 10 2004 3:00:00p A.... 55,808 54.50 K
1 item found: 1 file, 0 directories.
Total of file sizes: 55,808 bytes 54.50 K
Looking for netlogon.dll
C:\WINDOWS\I386\
netlogon.dl_ Tue Aug 10 2004 3:00:00p ..... 181,419 177.16 K
C:\WINDOWS\SYSTEM32\
netlogon.dll Tue Aug 10 2004 3:00:00p A.... 407,040 397.50 K
C:\WINDOWS\SOFTWA~1\DOWNLOAD\DD9AB5~1\
netlogon.dll Sun Apr 13 2008 8:12:02p A.... 407,040 397.50 K
Looking for scecli.dll
Mon 09/21/2009
01:31 AM
FindWPP is running from C:\Documents and Settings\Doug.BISIGNANO\Desktop\FindNowPP
EXE KEY MODIFIED?
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
CHECKING SELECT POLICIES KEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,52,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,00,\
54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,\
00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,00,2e,00,6d,00,73,00,73,00,74,00,\
79,00,6c,00,65,00,73,00,00,00
"InstallTheme"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,52,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,00,54,00,\
68,00,65,00,6d,00,65,00,73,00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,00,2e,\
00,74,00,68,00,65,00,6d,00,65,00,00,00
"DisableRegistryTools"=dword:00000000
LOOKING FOR REPLACED FILES
Looking for cngaudit.dll
Looking for eventlog.dll
Looking for imm32.dll
Looking for logevent.dll
Looking for netlogon.dll
Looking for scecli.dll
LOOKING FOR SUSPICIOUS FILES
Looking for windows Police Pro.exe
No matches found.
Looking for dddesot.dll
No matches found.
Looking for wisdstr.exe
No matches found.
Looking for desote.exe
No matches found.
Looking for svchasts.exe
No matches found.
Looking for ppp4.dat
No matches found.
Looking for sysnet.dat
No matches found.
Looking for bincd32.dat
No matches found.
Looking for ppp3.dat
No matches found.
Looking for desot.exe
No matches found.
Looking for wispex.html
No matches found.
Looking for qcfbc.wbg
No matches found.
Looking for windows Police Pro.exe
No matches found.
Looking for svchast.exe
No matches found.
Looking for dbsinit.exe
No matches found.
Looking for braviax.exe
No matches found.
Looking for bennuar.old
No matches found.
EXE KEY STILL MODIFIED?
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
SUSPECT REG KEYS
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000\Control]
"ActiveService"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000\Control]
"ActiveService"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
---------- C:\PKBTEMP\SYSKEYS.TXT
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000\Control]
"ActiveService"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000\Control]
"ActiveService"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
---------- C:\PKBTEMP\SYSKEYS.TXT
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000\Control]
"ActiveService"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000\Control]
"ActiveService"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
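As an added example (not part of this thread and not the FindWPP tool's own code), the following Python script reads a FindWPP-style registry dump like the one posted above and does the three checks a helper would make by eye: it verifies that the exefile\shell\open\command default is the stock `"%1" %*`, decodes the hex(2) REG_EXPAND_SZ values into readable paths, and expands the NoDriveTypeAutoRun bitmask into drive types. The embedded sample log is constructed from the values posted above, and all function names are mine.

```python
import re

# Constructed sample: the registry sections copied from the FindWPP output
# posted above (exefile command, one AutoRun policy, one hex(2) value).
SAMPLE_LOG = r'''
EXE KEY MODIFIED?
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
CHECKING SELECT POLICIES KEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"InstallVisualStyle"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,52,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,00,\
54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,\
00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,00,2e,00,6d,00,73,00,73,00,74,00,\
79,00,6c,00,65,00,73,00,00,00
'''

EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
EXPECTED_EXEFILE = '"%1" %*'   # stock Windows value: run the file, pass its args

# Bits of NoDriveTypeAutoRun, one per GetDriveType() result (0xFF = all types).
DRIVE_BITS = {0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR",
              0x04: "DRIVE_REMOVABLE", 0x08: "DRIVE_FIXED",
              0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
              0x40: "DRIVE_RAMDISK", 0x80: "DRIVE_RESERVED"}

# A .reg value line: either "name"=data or @=data (the key's default value).
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))=(?P<data>.*)$')


def _join_continuations(text):
    """Fold .reg-style lines that end in a backslash into one logical line."""
    out = []
    for line in text.splitlines():
        if out and out[-1].endswith("\\"):
            out[-1] = out[-1][:-1] + line.strip()
        else:
            out.append(line.rstrip())
    return out


def decode_value(data):
    """Turn the right-hand side of a .reg value line into a Python object."""
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)", data)
    if m:
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if m.group(1) in ("1", "2"):      # REG_SZ / REG_EXPAND_SZ are UTF-16LE
            return raw.decode("utf-16-le").rstrip("\x00")
        return raw                        # other binary types stay as bytes
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r'\\(["\\])', r"\1", data[1:-1])   # unescape \" and \\
    return data


def parse_reg_dump(text):
    """Map 'key path' -> {value name: decoded value} for every [key] block."""
    keys, current = {}, None
    for line in _join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group("default") else m.group("name")
            keys[current][name] = decode_value(m.group("data"))
    return keys


def exefile_hijacked(keys):
    """True unless the .exe open command is exactly the stock value."""
    return keys.get(EXEFILE_KEY, {}).get("@") != EXPECTED_EXEFILE


def autorun_disabled_for(mask):
    """Drive types whose AutoRun is suppressed by a NoDriveTypeAutoRun mask."""
    return [name for bit, name in DRIVE_BITS.items() if mask & bit]


def audit(text):
    """Findings a helper would want from a FindWPP-style dump, as strings."""
    keys = parse_reg_dump(text)
    findings = []
    if exefile_hijacked(keys):
        cmd = keys.get(EXEFILE_KEY, {}).get("@")
        findings.append(f"exefile open command is {cmd!r}, expected {EXPECTED_EXEFILE!r}")
    for path, values in keys.items():
        if values.get("DisableRegistryTools"):
            findings.append(f"{path}: DisableRegistryTools is set")
        if "NoDriveTypeAutoRun" in values:
            names = ", ".join(autorun_disabled_for(values["NoDriveTypeAutoRun"]))
            findings.append(f"{path}: AutoRun disabled for {names or 'nothing'}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_LOG):
        print(line)
```

On the sample above the exefile command matches the stock value, so the only output is the decoded AutoRun policy; the same parser applied to the full posted log will also decode InstallTheme and the 0x143 mask under HKLM.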
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000\Control]
"ActiveService"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"DeviceDesc"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}\0000\Control]
"ActiveService"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
---------- C:\PKBTEMP\SYSKEYS.TXT
Last edited by bizz2; Sep 21st, 2009 at 2:39 am. Reason: Log information came up
Oh, and ComboFix was just downloaded on my computer. No log recorded, I searched for it. I tried to run ComboFix and an error came up saying I had to restart Windows and retry installation. Should I do this?
Let's try this first and see where we are:
Please Download Win32kDiag from a linky below and save it to your Desktop.
• http://ad13.geekstogo.com/Win32kDiag.exe
• http://download.bleepingcomputer.com...Win32kDiag.exe
-- DoubleClick on Win32kDiag.exe to run it. Let it run for as long as it needs to.
-- When it says Finished – Press any key to exit, do that to exit the program.
-- You should now have a Win32kDiag.txt on your Desktop. Please post the entire log for me and we’ll go from there.
Be sure to wait until it says "finished."
PP
This is what I got:
Running from: C:\Documents and Settings\Doug.BISIGNANO\My Documents\Downloads\Win32kDiag.exe
Log file at : C:\Documents and Settings\Doug.BISIGNANO\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\aolshare\aolshare
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\System.EnterpriseServices
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\IEExecRemote
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1059.tmp\ZAP1059.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1083.tmp\ZAP1083.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10E0.tmp\ZAP10E0.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16C.tmp\ZAP16C.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPECA.tmp\ZAPECA.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF79.tmp\ZAPF79.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\I386\SPR\SPR
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\chrome
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\defaults\preferences\preferences
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\root\root
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3355230566-3326683260-3698635536-1006\S-1-5-21-3355230566-3326683260-3698635536-1006
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{635ADD3D-5CEF-4046-8DBD-8F7AA70C8272}\{635ADD3D-5CEF-4046-8DBD-8F7AA70C8272}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)
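The two logs posted in this thread (the FindWPP log with its "EXE KEY STILL MODIFIED?" and "SUSPECT REG KEYS" sections, and the Win32kDiag log with its "Found mount point" / "Cannot access" lines) are the raw material a helper reads by eye. The script below is an added example, not code from the thread, from FindWPP or from Win32kDiag; it parses the line shapes both tools print and summarises what a helper looks for: whether the `.exe` association still carries the stock `"%1" %*`, which suspect file names were actually found, how many mount points resolve somewhere other than a `\??\` volume path, and which system files could not be read. The sample logs are constructed from lines quoted above (the user name replaced by a placeholder); the hijacked association value and the benign `Volume{...}` mount point are constructed cases so both branches of the checks run, and the "destination should start with `\??\`" rule is this script's own heuristic, not something either tool states.

```python
"""Triage helper for the two logs posted in this thread (FindWPP, Win32kDiag).

Added example, not code from the thread or from either tool. The sample logs
below are constructed from lines quoted in the thread; the hijacked exefile
value and the benign Volume{...} mount point are constructed cases.
"""
import json
import re
from collections import Counter

# Stock default of HKCR\exefile\shell\open\command: run the .exe with its args.
STOCK_EXE_COMMAND = '"%1" %*'

FINDWPP_SAMPLE = r"""LOOKING FOR SUSPICIOUS FILES
Looking for windows Police Pro.exe
No matches found.
Looking for braviax.exe
No matches found.
EXE KEY STILL MODIFIED?
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
SUSPECT REG KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_{79007602-0CDB-4405-9DBF-1257BB3226ED}]
"Service"="{79007602-0CDB-4405-9DBF-1257BB3226ED}"
"""

# Constructed: the same section when the association has been hijacked so that
# every .exe launch first goes through a (hypothetical) rogue binary.
FINDWPP_HIJACKED_SAMPLE = r"""EXE KEY STILL MODIFIED?
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\rogue\\hijack.exe\" \"%1\" %*"
"""

WIN32KDIAG_SAMPLE = r"""Running from: C:\Documents and Settings\<user>\Desktop\Win32kDiag.exe
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\Mount\data
Mount point destination : \??\Volume{00000000-0000-0000-0000-000000000000}
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)
"""

FINDWPP_SECTIONS = ("LOOKING FOR SUSPICIOUS FILES", "EXE KEY STILL MODIFIED?", "SUSPECT REG KEYS")


def unescape_reg(value):
    # Undo .reg-export escaping: \" becomes " and \\ becomes \ .
    return re.sub(r'\\(["\\])', r'\1', value)


def parse_findwpp(text):
    out = {"suspect_files_found": [], "suspect_files_missing": [],
           "exe_command": None, "exe_command_modified": None, "suspect_keys": []}
    lines = [ln.rstrip() for ln in text.splitlines()]
    section = None
    for i, line in enumerate(lines):
        if line in FINDWPP_SECTIONS:
            section = line
        elif section == FINDWPP_SECTIONS[0] and line.startswith("Looking for "):
            # A hit prints paths; a miss prints "No matches found." on the next line.
            name = line[len("Looking for "):]
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            bucket = "suspect_files_missing" if nxt == "No matches found." else "suspect_files_found"
            if name not in out[bucket]:
                out[bucket].append(name)
        elif section == FINDWPP_SECTIONS[1]:
            m = re.match(r'^@="(.*)"$', line)
            if m:
                out["exe_command"] = unescape_reg(m.group(1))
                out["exe_command_modified"] = out["exe_command"] != STOCK_EXE_COMMAND
        elif section == FINDWPP_SECTIONS[2] and line.startswith("[HKEY_"):
            key = line.strip("[]")
            if key not in out["suspect_keys"]:
                out["suspect_keys"].append(key)
    return out


MOUNT_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
NOACCESS_RE = re.compile(r"^Cannot access: (.+)$")
COPY_RE = re.compile(r"^\[\d+\] (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) (.+?) \((.+)\)$")


def looks_like_volume(dest):
    # Assumption (this script's heuristic): a genuine NTFS volume mount point or
    # junction resolves under \??\ (\??\Volume{GUID}\ or \??\C:\...).
    return dest.startswith("\\??\\")


def parse_win32kdiag(text):
    out = {"mounts": [], "inaccessible": [], "warnings": []}
    pending = None   # path from the last "Found mount point" line
    current = None   # entry from the last "Cannot access" line
    for line in text.splitlines():
        line = line.rstrip()
        m_mount, m_dest = MOUNT_RE.match(line), DEST_RE.match(line)
        m_na, m_copy = NOACCESS_RE.match(line), COPY_RE.match(line)
        if line.startswith("WARNING:"):
            out["warnings"].append(line)
        elif m_mount:
            pending = m_mount.group(1)
        elif m_dest and pending:
            dest = m_dest.group(1)
            out["mounts"].append({"path": pending, "dest": dest, "suspicious": not looks_like_volume(dest)})
            pending = None
        elif m_na:
            current = {"path": m_na.group(1), "other_copies": []}
            out["inaccessible"].append(current)
        elif m_copy and current:
            # Other copies of the unreadable file that the tool found on disk.
            ts, size, path, vendor = m_copy.groups()
            current["other_copies"].append({"timestamp": ts, "size": int(size), "path": path, "vendor": vendor})
    return out


def summarize(findwpp_text, win32k_text):
    f, w = parse_findwpp(findwpp_text), parse_win32kdiag(win32k_text)
    suspicious = [m for m in w["mounts"] if m["suspicious"]]
    return {
        "exe_command_modified": f["exe_command_modified"],
        "suspect_files_found": f["suspect_files_found"],
        "suspect_key_count": len(f["suspect_keys"]),
        "suspicious_mount_count": len(suspicious),
        "suspicious_destinations": dict(Counter(m["dest"] for m in suspicious)),
        "inaccessible_files": [e["path"] for e in w["inaccessible"]],
        "backup_privilege_missing": any("backup privileges" in x for x in w["warnings"]),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(FINDWPP_SAMPLE, WIN32KDIAG_SAMPLE), indent=2))
```

Run it with the two logs saved to files and passed through `summarize`; the "backup privileges" warning is worth keeping in the summary because, as the log above shows, the tool could not read `eventlog.dll` in place and only found another copy in the update cache, so a run without that privilege may under-report.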
This is what I got:
Running from: C:\Documents and Settings\Doug.BISIGNANO\My Documents\Downloads\Win32kDiag.exe
Look again and make sure you pasted the whole log.
Better yet, upload it as an attachment.
If what you posted is the entire log, I'll need you to run it again and make sure it says Finished before you post the log. There should be much more to it....
Also, you need to move Win32kDiag to the Desktop - makes it easier for me when we run it again....
Hang in there

PP
Yeah, I realized it was incomplete. I ran it again and for like five minutes now it is just staying on the last line of what I posted previously, "Cannot access: C:\WINDOWS\system32\eventlog.dll"
Still letting it sit there though, is that normal?
EDIT: Never mind, it has continued. Sorry, I'll post it once it is complete!
Last edited by bizz2; Sep 21st, 2009 at 3:51 am. Reason: more info