HHS

  1. According to their properties, the three Wise Installation msi's are from Super AntiSpyware. Since I don't even have that program currently installed I deleted all of them. Thanks to your expert assistance, everything seems to be running fine now. Your help is greatly appreciated! Many Thanks, Howard
  2. Looks like the good guys are winning.
  3. Everything seemed to run smoothly, no errors or problems. The four log files follow.
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-06 17:44 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3020) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\Brother\ControlCenter3\BrccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfcMon.exe . ************************************************************************** . Completion time: 2009-09-06 17:45 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-06 21:45 Pre-Run: 149,480,128,512 bytes free Post-Run: 149,393,657,856 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 230 --- E O F --- 2009-08-28 12:51
  4. Hi JSntgRvr, thanks for helping me with this. Here's the Win32kDiag log file you wanted.
  5. Judging from the other posts in this forum, I've got something similar to what seems rather popular now. MBAM will start up, but if I try to start a scan it just shuts down after a few seconds. Subsequent attempts to run the program give an error message that I don't have permissions or the disk is full. Re-running the setup program will get it back to where it will run, but it still shuts down on a scan. Renaming the program doesn't change any of this.

     HijackThis exhibits similar behavior and simply shuts down when I run a scan. Avira AntiVir (free version) starts up with no problem, but clicking on the link to run a scan does nothing at all; the scan won't even start. Also, it shows that the resident AntiVir Guard is activated, but there is no icon in the system tray like there should be. Now that I think of it, SpyBot S&D's icon that is usually in the tray is missing also. The funny part is that AVG AntiVirus would run just fine and would complete a scan... it just didn't find anything at all to report. I uninstalled it and installed Avira.

     I tried using a copy of "Ultimate Boot CD 4 Windows" that I had. Booting from the CD I was able to successfully run scans with Avira and SpyBot, but unfortunately I wasn't able to get them to update so they ran with (very) out of date definitions. They both did find several trojans, but obviously didn't solve whatever is at the root of the problem (no pun intended).

     I'm also getting redirected in both Firefox and IE whenever I try any kind of search on MBAM or Avira or similar things. A link to somewhere within the forums seems to get me in here, but simply typing in www.malwarebytes.org or a search on anything similar to "MBAM" or "malwarebytes" will get me redirected. Some of the redirections are to relatively harmless sites, but quite often they lead to stuff like AntiVirus 2009 and other scams promising a quick fix to all my problems.

     I think it's time to throw in the towel and admit that I'm in way over my head and ask for help from you kind folks.

     Windows XP Pro SP3 with all the latest updates and hotfixes as of a few days ago
     Firefox 3.5.2
     Internet Explorer 8.0.6001.18702
     3.8 GHz Pentium 4 with 2 GB RAM