Unknown Malware.. Need help removing



#1 Chikakoo


Posted 20 August 2009 - 07:45 PM

Hi, I was redirected here from this thread. If I really need to I'll copy and paste it here so you don't have to click the link...

Everything I tried in order to remove my problems (Google redirecting, randomly closing certain programs like Malwarebytes) is on that thread. Sadly, everything failed so now I come to this thread for help.

So, I'm just following the instructions on the thread I was directed to. I got the DDS logs but RootRepeal still isn't working for me (see the other thread).

Well.. not much else to say... Thanks for any help.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Lionel Crafts at 17:24:38.59 on Thu 08/20/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.70 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lionel Crafts\My Documents\KeyRemapper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lionel Crafts\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {4d25f921-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: []
uRun: [KeyMapperStarup] "c:\documents and settings\lionel crafts\my documents\KeyRemapper.exe" /background
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\documents and settings\lionel crafts\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: turbotax.com
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendo.com/consumer/systems/wii/en_na/usbaptest.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/binary/MJSS.cab69309.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
TCP: {D372D310-BEFB-4318-9E99-EDE8B0A9BEEE} = 68.105.28.11,68.105.28.12,68.105.29.11
Filter: text/html - {6fb77d40-3877-442f-a724-387e093e1aa5} - c:\windows\mark_32.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-11 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-11 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-11 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-11 297752]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-11 908056]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp --> c:\windows\system32\11.tmp [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2009-08-19 17:06 --d----- c:\documents and settings\lionel crafts\DoctorWeb
2009-08-19 15:53 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 15:53 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-18 22:04 --d----- c:\program files\Sophos
2009-08-17 23:55 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 22:18 24,576 a------- c:\windows\system32\tapi.nfo
2009-08-17 22:17 23,552 a------- c:\windows\system32\UAChmehfoswbi.dll
2009-08-17 22:17 49,664 a------- c:\windows\system32\drivers\UACyfygnqwaev.sys
2009-08-17 22:15 0 a--sh--- C:\-58898812
2009-08-13 01:52 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 01:52 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-26 10:51 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-26 10:51 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-26 10:43 --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

==================== Find3M ====================

2009-08-16 08:13 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-16 08:13 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-07 17:12 34 a------- c:\documents and settings\lionel crafts\jagex_runescape_preferences.dat
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2006-04-07 07:56 26,922 a------- c:\program files\moviepass Terms.html

============= FINISH: 17:25:40.09 ===============


#2 Buckeye_Sam


Posted 29 August 2009 - 03:55 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.




Please download and run Win32kDiag:
Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========

Please post the following logs in your next reply:

* Win32kDiag.txt
* Log.txt
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Chikakoo


Posted 30 August 2009 - 03:02 AM

Hello, thanks for taking the time to help me.

Before I post my logs, I think I should tell you some recent events with my computer. A couple days ago, my desktop randomly.. well went away. I had to open programs through the task manager. When I tried to load explorer.exe, it didn't work and it wouldn't let me rename it or anything. Eventually I found some program to remove a virus that would cause this (on this site) and I tried to run it, but it also randomly closed like all the others...

Afterwards, I decided to try a system restore, which actually worked (contrary to before, if you read the last thread).

I know I shouldn't have installed any programs because it might mess up the previous log I posted, but with my desktop gone I didn't know what else to do :thumbup2:. If I need to, I'll run the programs again and repost the logs.

Anyways, ever since then, I have been able to click google links without redirecting. The only problem I seem to be having is the inability to run any virus scans with AVG, Malwarebytes, etc... which is still a big problem.

Alright, here are the logs, I hope I did everything right.

Win32kDiag:

Log file is located at: C:\Documents and Settings\Lionel Crafts\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-04 03:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-13 17:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe

[1] 2004-11-30 14:46:40 654848 C:\WINDOWS\$hf_mig$\KB873333\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 10:34:54 654848 C:\WINDOWS\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 14:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB890923\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB893066\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB893086\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB896688\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896727\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899588\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB905915\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB912812\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB913446\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB916281\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB918899\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB924496\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB929338\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961503\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe ()

[1] 2006-04-10 12:36:18 710584 C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\update\update.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3778398903-524907510-3814468659-1003\S-1-5-21-3778398903-524907510-3814468659-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3778398903-524907510-3814468659-1003\S-1-5-21-3778398903-524907510-3814468659-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\Symantec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3778398903-524907510-3814468659-1003\S-1-5-21-3778398903-524907510-3814468659-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\CCWin\Address Book\Address Book

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 03:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 60928 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 17:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\hkcmd.exe

[1] 2005-01-23 14:31:34 126976 C:\WINDOWS\system32\hkcmd.exe ()

[1] 2005-10-19 08:59:12 126976 C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\hkcmd.exe (Intel Corporation)



Cannot access: C:\WINDOWS\system32\igfxtray.exe

[1] 2005-01-23 14:36:10 155648 C:\WINDOWS\system32\igfxtray.exe ()

[1] 2005-10-19 08:59:14 155648 C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\igfxtray.exe (Intel Corporation)





Finished!


And, the log from peek:

Volume in drive C has no label.
Volume Serial Number is FC7D-4684

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 03:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 03:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 03:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes



