win32k.sys Rootkit


This topic is locked
68 replies to this topic

#1 lola69

lola69

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:09:13 AM

Posted 30 August 2009 - 09:20 AM

I have the crazy Rootkit infecting my computer and was asked by a helper here to post my rootrepeal log here. It is not complete nor can I access the program again. I also tried all the prep instructions but could not even complete them. Hopefully I linked the previous post properly as requested. The name of my post is Can't run ANY anti-spyware (spybot, HJT) BAD INFECTION!!! Here it is:

{Mod Edit: AII topic here, nothing will run~~boopme}
http://www.bleepingcomputer.com/forums/top...ml#entry1405648


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/29 23:33
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xF1E25000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A63000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB96DB000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\windows\win32k.sys:1
Address: 0xF7847000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\windows\win32k.sys:2
Address: 0xF75FF000 Size: 61440 File Visible: No Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Module [Name: UAC28cb.tmprxgafj.dll]
Process: svchost.exe (PID: 876) Address: 0x009c0000 Size: 217088

Object: Hidden Module [Name: UACuthwbxspac.dll]
Process: svchost.exe (PID: 876) Address: 0x00970000 Size: 77824

Object: Hidden Module [Name: UACwtkdtudjhn.dll]
Process: svchost.exe (PID: 876) Address: 0x00cf0000 Size: 73728

Object: Hidden Module [Name: kbiwkmxexnkbxm.dll]
Process: svchost.exe (PID: 876) Address: 0x10000000 Size: 57344

Object: Hidden Module [Name: UACuthwbxspac.dll]
Process: Explorer.EXE (PID: 516) Address: 0x00bb0000 Size: 77824

Object: Hidden Module [Name: kbiwkmmqpfwopa.dll]
Process: Explorer.EXE (PID: 516) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: kbiwkmmqpfwopa.dll]
Process: firefox.exe (PID: 272) Address: 0x01080000 Size: 28672

==EOF==

Edited by boopme, 30 August 2009 - 09:45 AM.
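Added example, not part of this thread and not code from RootRepeal or Win32kDiag: a small Python script that pulls out of the RootRepeal log above, and out of the Win32kDiag log lola69 posts further down, the indicators a responder would want listed rather than read by eye. It flags loaded drivers whose image path is an NTFS alternate data stream (the win32k.sys:1 and win32k.sys:2 entries), groups the hidden modules by the process they sit in, lists mount points whose destination is not an ordinary \??\Volume{GUID}\ volume (every one in that log points at \Device\__max++>\^), and lists the copies of update.exe that carry an empty company string where the genuine copies say Microsoft Corporation. The sample text is constructed from excerpts of the posted logs; the function names and the \??\Volume{ prefix check are assumptions of mine, not anything either tool documents.

```python
"""Triage of RootRepeal and Win32kDiag log text. Added example, not tool code."""
import re
from collections import defaultdict

# Constructed sample: excerpt of the RootRepeal log posted above.
ROOTREPEAL_SAMPLE = r"""
Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB96DB000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\windows\win32k.sys:1
Address: 0xF7847000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\windows\win32k.sys:2
Address: 0xF75FF000 Size: 61440 File Visible: No Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Module [Name: UACuthwbxspac.dll]
Process: svchost.exe (PID: 876) Address: 0x00970000 Size: 77824

Object: Hidden Module [Name: kbiwkmmqpfwopa.dll]
Process: firefox.exe (PID: 272) Address: 0x01080000 Size: 28672
"""

# Constructed sample: excerpt of the Win32kDiag log posted later in the thread.
WIN32KDIAG_SAMPLE = r"""
Found mount point : C:\windows\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\Config\Config

Mount point destination : \Device\__max++>\^

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe ()
"""

DRIVER_RE = re.compile(
    r"Name: (?P<name>.+)\nImage Path: (?P<path>.+)\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+) Size: (?P<size>\d+) "
    r"File Visible: (?P<visible>\S+) Signed: (?P<signed>\S+)")
HIDDEN_RE = re.compile(
    r"Object: Hidden Module \[Name: (?P<name>[^\]]+)\]\s*"
    r"Process: (?P<proc>\S+) \(PID: (?P<pid>\d+)\)")
MOUNT_RE = re.compile(
    r"Found mount point : (?P<path>.+)\n\s*Mount point destination : (?P<dest>.+)")
FILE_RE = re.compile(
    r"^\[\d+\] \S+ \S+ \d+ (?P<path>.+?) \((?P<company>.*)\)$", re.M)

# A second colon after the drive letter's colon means the image path names an
# NTFS alternate data stream (file:stream), as in win32k.sys:1.
ADS_RE = re.compile(r"^[A-Za-z]:\\.*:[^\\:]+$")
# Assumption: an ordinary volume mount point resolves to \??\Volume{GUID}\;
# any other destination is not a normal junction and deserves a look.
VOLUME_PREFIX = r"\??\Volume{"


def ads_drivers(text):
    """Names of loaded drivers whose image path is an alternate data stream."""
    return [m["name"].strip() for m in DRIVER_RE.finditer(text)
            if ADS_RE.match(m["path"].strip())]


def hidden_modules_by_process(text):
    """Process name -> sorted names of the modules RootRepeal found hidden in it."""
    found = defaultdict(set)
    for m in HIDDEN_RE.finditer(text):
        found[m["proc"]].add(m["name"])
    return {proc: sorted(mods) for proc, mods in found.items()}


def suspicious_mount_points(text):
    """(path, destination) pairs whose destination is not a volume GUID path."""
    return [(m["path"].strip(), m["dest"].strip()) for m in MOUNT_RE.finditer(text)
            if not m["dest"].strip().startswith(VOLUME_PREFIX)]


def unattributed_copies(text):
    """Paths of listed file copies whose company string is empty."""
    return [m["path"] for m in FILE_RE.finditer(text) if not m["company"].strip()]


def triage(rootrepeal_text, win32kdiag_text):
    """Every indicator in one dict, so a caller can act on or assert on it."""
    return {
        "ads_drivers": ads_drivers(rootrepeal_text),
        "hidden_modules": hidden_modules_by_process(rootrepeal_text),
        "mount_points": suspicious_mount_points(win32kdiag_text),
        "unattributed_copies": unattributed_copies(win32kdiag_text),
    }


if __name__ == "__main__":
    for key, value in triage(ROOTREPEAL_SAMPLE, WIN32KDIAG_SAMPLE).items():
        print(key)
        for item in (value.items() if isinstance(value, dict) else value):
            print("   ", item)
```

Run it as-is to print the summary, or pass the full text of both logs to triage(). Reading the logs off the infected machine is the point: where a rootkit filters file and registry access, a check run locally sees only what the rootkit lets it see, which is why the helper asks for the tool output rather than for the poster's own findings.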




#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:13 AM

Posted 30 August 2009 - 04:58 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

Lets confirm the diagnosis.

Please do this...

Download and run Win32kDiag:

Next......


Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

With your next post please provide:

* Win32kDiag.txt
* Log.txt

I will review your logs and post instructions forthcoming.
Regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 lola69

lola69
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:09:13 AM

Posted 30 August 2009 - 05:46 PM

Thank you T for taking time out of your weekend to help me! It's ok if it takes a while to get a response as I am just grateful my computer works enough to be here in the first place. Other than following the advice here, this computer is officially quarantined from being used at my house!!!

Here is the log from Win32 as requested.

Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Found mount point : C:\windows\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB942615\KB942615

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\$hf_mig$\KB968389\KB968389

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11.tmp\ZAP11.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP124.tmp\ZAP124.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP19B.tmp\ZAP19B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27C.tmp\ZAP27C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29B.tmp\ZAP29B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDF.tmp\ZAPDF.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE6.tmp\ZAPE6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\Debug\Setup\Backup\Backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\02cded8b341a95a07525625c2bc327cd\02cded8b341a95a07525625c2bc327cd

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\33f7f74c1f2dd7f42fc9405a2a3a0987\33f7f74c1f2dd7f42fc9405a2a3a0987

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\4d5f3eeb0c5bea6a6f952f53c701d419\4d5f3eeb0c5bea6a6f952f53c701d419

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\585dc2612ebcefc90e7dee4c276ee95e

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\5de8a2d2234f0d548a5c0d05d076e6d9\5de8a2d2234f0d548a5c0d05d076e6d9

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\808beb165f27a62918a96eaf33d033f4\808beb165f27a62918a96eaf33d033f4

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\9780bac19c14b959b8e3152a072a5bd5\9780bac19c14b959b8e3152a072a5bd5

Mount point destination : \Device\__max++>\^

Cannot access: C:\windows\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\windows\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB887797\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\windows\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\windows\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB900930\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\windows\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB905915\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB913446\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\windows\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB929338\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB929969\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\windows\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\windows\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\windows\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\windows\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB961503\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\7e2110c803604799bad6cc14ba892658\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe ()

[1] 2005-06-28 10:24:52 716000 C:\windows\SoftwareDistribution\Download\f02c2828ce1a7e59faeaf4f021a92e1c\update\update.exe (Microsoft Corporation)

[2] 2002-01-28 16:56:30 252416 C:\System Volume Information\_restore{B42F6F45-55BA-42D3-AD38-9C1E71814474}\RP798\A0256849.exe (Microsoft Corporation)



Found mount point : C:\windows\SoftwareDistribution\Download\cf0471ca1f3f12affe6c8fea1ffc6ddb\cf0471ca1f3f12affe6c8fea1ffc6ddb

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\windows\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB887797\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\windows\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\windows\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB900930\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\windows\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB905915\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB913446\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\windows\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB929338\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB929969\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\windows\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\windows\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\windows\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\windows\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB961503\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\7e2110c803604799bad6cc14ba892658\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe ()

[1] 2005-06-28 10:24:52 716000 C:\windows\SoftwareDistribution\Download\f02c2828ce1a7e59faeaf4f021a92e1c\update\update.exe (Microsoft Corporation)

[2] 2002-01-28 16:56:30 252416 C:\System Volume Information\_restore{B42F6F45-55BA-42D3-AD38-9C1E71814474}\RP798\A0256849.exe (Microsoft Corporation)



Found mount point : C:\windows\SoftwareDistribution\Download\d745499f6740a9a7ba47793d863ceeea\d745499f6740a9a7ba47793d863ceeea

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\e8cddcf89b5b5aa70e29fb19185704bb\e8cddcf89b5b5aa70e29fb19185704bb

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\f97144a7ca2b4a7ca5f7a9ba7d77b6ef\f97144a7ca2b4a7ca5f7a9ba7d77b6ef

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\fc43e40fa9ac77569a3e0a70ca175c25\fc43e40fa9ac77569a3e0a70ca175c25

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\003ee97e1e7cce9cf1a22e4a59295700\003ee97e1e7cce9cf1a22e4a59295700

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\02e4a32faaac2a62f840e39258d4c0c0\02e4a32faaac2a62f840e39258d4c0c0

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\1c11f529eeb0e85a68f12167cab6a0dd\1c11f529eeb0e85a68f12167cab6a0dd

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\2250e51023ad83ba7ae3f5c2602934de\2250e51023ad83ba7ae3f5c2602934de

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\3d8a7c015a41af314aaf4652ff42888b\3d8a7c015a41af314aaf4652ff42888b

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\3f5b7aba50790f47139b718f6e01b377\3f5b7aba50790f47139b718f6e01b377

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\3f9208281120267ef04a475459d8adda\3f9208281120267ef04a475459d8adda

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\4a898aa871c3b5e2655e7536353bd2cb\4a898aa871c3b5e2655e7536353bd2cb

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\725922d63f6ef3d5e96684a89c09350a\725922d63f6ef3d5e96684a89c09350a

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\7d49753b93ffa6844bcba39df0e9b771\7d49753b93ffa6844bcba39df0e9b771

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\80198a7412e38233885c6478751b8aad\80198a7412e38233885c6478751b8aad

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\84ed072310665c1b9cc99c947698628c\84ed072310665c1b9cc99c947698628c

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\9f1c7c51583084c35b1185274d449cfd\9f1c7c51583084c35b1185274d449cfd

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\a23895a83ee5a7d0cfe6e67cb71b81fd\a23895a83ee5a7d0cfe6e67cb71b81fd

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\ac9aa4df451dcb33a290bfb3ccc6579c\ac9aa4df451dcb33a290bfb3ccc6579c

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\c06fde0336bc086956175a8d40409d7c\c06fde0336bc086956175a8d40409d7c

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\fac0551afd7efe0442f60bcd97856f56\fac0551afd7efe0442f60bcd97856f56

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\fde31dd0925f55069919b64e118f5bc5\fde31dd0925f55069919b64e118f5bc5

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\DirectX\DX20.tmp\directx\directx

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\DirectX\DX20.tmp\drivers\drivers

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\DirectX\DX20.tmp\help\help

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\DirectX\DX20.tmp\inf\inf

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\DirectX\DX20.tmp\sysbckup\sysbckup

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\DirectX\DX20.tmp\system\system

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\windows\system32\eventlog.dll

[1] 2004-08-04 08:00:00 55808 C:\windows\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 05:41:54 56320 C:\windows\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 05:41:54 62976 C:\windows\system32\eventlog.dll ()

[2] 2008-04-14 05:41:54 56320 C:\windows\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\windows\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Cannot access: C:\windows\system32\MRT.exe

[1] 2009-07-29 20:49:14 24281536 C:\windows\system32\MRT.exe ()

[2] 2009-07-07 11:10:56 24539592 C:\System Volume Information\_restore{B42F6F45-55BA-42D3-AD38-9C1E71814474}\RP810\A0262210.exe (Microsoft Corporation)



Found mount point : C:\windows\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\windows\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!

NOW HERE IS THE SECOND LOG:


Volume in drive C has no label.
Volume Serial Number is 0088-C4A4

Directory of C:\WINDOWS\$NtServicePackUninstall$

04/08/2004 08:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

04/08/2004 08:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

04/08/2004 08:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

14/04/2008 05:42 AM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

14/04/2008 05:42 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

14/04/2008 05:41 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

14/04/2008 05:42 AM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

14/04/2008 05:42 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

14/04/2008 05:41 AM 62,976 eventlog.dll
3 File(s) 651,264 bytes

Directory of C:\WINDOWS\system32\dllcache\cache

14/04/2008 05:42 AM 407,040 netlogon.dll
1 File(s) 407,040 bytes

Total Files Listed:
10 File(s) 2,345,984 bytes
0 Dir(s) 64,053,600,256 bytes free
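An added example, not from the thread or from Win32kDiag's author: a small Python parser for the log format posted above that flags the two things visible in it, junctions whose destination is not a normal volume target (here \Device\__max++>\^) and an inaccessible system file whose live copy has no company name and a size matching none of its backup copies (eventlog.dll: 62976 bytes in system32 versus 56320 in ServicePackFiles). The log grammar is inferred from the posted output, the sample log is constructed, and the "legitimate junction resolves to \??\Volume{GUID}\" baseline is an assumption.

```python
"""Scan a Win32kDiag-style log for hijacked junctions and patched system files."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+?)\s*$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+?)\s*$")
CANNOT_RE = re.compile(r"^Cannot access:\s*(.+?)\s*$")
# Candidate line: "[1] 2008-04-14 05:41:54 56320 C:\path\file.dll (Microsoft Corporation)"
CAND_RE = re.compile(
    r"^\[(\d+)\]\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(.+?)\s+\((.*)\)\s*$"
)
# Assumption: a healthy junction in this tool's output resolves to \??\Volume{GUID}\ .
LEGIT_DEST_RE = re.compile(r"^\\\?\?\\Volume\{[0-9A-Fa-f-]+\}\\?$")

# Constructed sample: one made-up legitimate junction plus entries that mirror
# the thread's log (the hijacked junction and the eventlog.dll block).
SAMPLE_LOG = r"""Found mount point : C:\Documents and Settings\user\My Documents\Backup

Mount point destination : \??\Volume{12345678-0000-0000-0000-000000000000}\

Found mount point : C:\windows\system32\wins\wins

Mount point destination : \Device\__max++>\^

Cannot access: C:\windows\system32\eventlog.dll

[1] 2004-08-04 08:00:00 55808 C:\windows\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 05:41:54 56320 C:\windows\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 05:41:54 62976 C:\windows\system32\eventlog.dll ()

[2] 2008-04-14 05:41:54 56320 C:\windows\system32\logevent.dll (Microsoft Corporation)

Finished!
"""


@dataclass
class Candidate:
    rank: int        # the [n] group the tool printed the line under
    timestamp: str
    size: int
    path: str
    company: str     # empty when the tool printed "()"


@dataclass
class Finding:
    kind: str        # "mount_point" or "patched_file"
    path: str
    detail: str
    restore_from: Optional[str] = None


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse_log(text: str) -> Tuple[List[Tuple[str, str]], Dict[str, List[Candidate]]]:
    """Return (junction -> destination pairs, inaccessible path -> candidate copies)."""
    mounts: List[Tuple[str, str]] = []
    blocks: Dict[str, List[Candidate]] = {}
    pending_mount: Optional[str] = None
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending_mount, current = m.group(1), None
        elif (m := DEST_RE.match(line)) and pending_mount:
            mounts.append((pending_mount, m.group(1)))
            pending_mount = None
        elif m := CANNOT_RE.match(line):
            current = m.group(1)
            blocks[current] = []
        elif (m := CAND_RE.match(line)) and current:
            rank, ts, size, path, company = m.groups()
            blocks[current].append(Candidate(int(rank), ts, int(size), path, company))
    return mounts, blocks


def analyse(text: str) -> List[Finding]:
    mounts, blocks = parse_log(text)
    findings: List[Finding] = []
    # Indicator 1: a junction that points anywhere but a real volume is a
    # redirect, which hides the directory's real contents from tree walks.
    for path, dest in mounts:
        if not LEGIT_DEST_RE.match(dest):
            findings.append(Finding("mount_point", path, f"redirected to {dest}"))
    # Indicator 2: the live copy of a protected file differs from its backups.
    for path, cands in blocks.items():
        live = next((c for c in cands if c.path.lower() == path.lower()), None)
        if live is None:
            continue
        backups = [c for c in cands if c is not live and basename(c.path) == basename(path)]
        reasons = []
        if not live.company:
            reasons.append("no company name recorded for the live copy")
        if backups and all(b.size != live.size for b in backups):
            sizes = sorted({b.size for b in backups})
            reasons.append(f"live size {live.size} matches none of the backups {sizes}")
        if not reasons:
            continue
        # A backup carrying the live file's own timestamp and a company name is
        # the same build; that is the copy the helper restores from in this thread.
        restore = next((b.path for b in backups if b.timestamp == live.timestamp and b.company), None)
        findings.append(Finding("patched_file", path, "; ".join(reasons), restore))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        extra = f" -> restore from {f.restore_from}" if f.restore_from else ""
        print(f"{f.kind:13} {f.path}: {f.detail}{extra}")
```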

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:13 AM

Posted 31 August 2009 - 03:00 PM

Hi,
I will review your logs and propose a fix for review by my expert coach. I will then post instructions for you to follow. Please minimize use of this computer if possible. I would like to ask you to remain patient in the meantime and make no changes to the computer whatsoever unless I direct you to do so! Your fix is based on the current state of your computer and any changes could hamper the cleaning process.
Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 lola69

lola69
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  • Gender:Female
  • Location:Canada
  • Local time:09:13 AM

Posted 31 August 2009 - 04:39 PM

Thanks t,

I would add that since running that log, I keep getting a pop up saying that Internet Explorer is not my default browser and would I like to set it. I have NOT touched anything on this computer except the refresh button on this page or the back button on this page. I don't know if that tidbit of info helps, but thought I would add nonetheless.

This computer is not being used AT ALL since posting so I can assure you no changes will be made.

Thanks again t,

Laura

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:13 AM

Posted 01 September 2009 - 08:27 AM

Hi there,
That confirms a few nasty rootkits.

The cleanup will be in stages. We must first disable the rootkit so we can begin to clean up. Please remember that looks can be deceiving!! You are not clean until I alert you of such.

==========

Let's proceed. Please do this..........


Step 1

Please save this file to your Desktop <-- Important. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

==========

Step 2

Please do this:
  • Click on the Start button, then click on Run...
  • In the empty "Open:" box provided, type cmd and press Enter
    • This will launch a Command Prompt window (looks like DOS).
  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).
    copy C:\windows\ServicePackFiles\i386\eventlog.dll C:\ /y
  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
  • Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"
    NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful.
  • Exit the Command Prompt window.
==========

Step 3

Warning to others reading this thread!: The Avenger is a VERY POWERFUL program, and can easily be misused.
Certain misuses of this program can prevent your system from ever starting again.
For this reason, it is strongly recommended to use The Avenger only as directed and under qualified supervision.
We can accept no responsibility for damage caused by misuse of the program.
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to move:
    C:\eventlog.dll | C:\windows\system32\eventlog.dll
  • In the avenger window, click the Paste Script from Clipboard, Posted Image button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* Win32kDiag.txt
* Avenger.txt
* Gmer.log

( Please copy & paste all replies unless otherwise notified )

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
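
The steps above hinge on reading the Win32kDiag output correctly: every rogue mount point the tool removes resolves to the same hidden device (`\Device\__max++>\^`), and each "Cannot access" file is followed by a list of other copies of that file name found on disk. The following parser is an added example for this thread, not code from Win32kDiag, The Avenger, or the helper's post; it pulls those facts out of a Win32kDiag.txt so a defender can see at a glance how many junctions were redirected to the rootkit's device, which files were locked, and which listed copies carry no vendor string. The sample log inside it is constructed in Win32kDiag's format from a few entries of the kind posted in this thread; the function and constant names are my own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Destination that every rogue reparse point in this thread's Win32kDiag
# output resolves to: the hidden device object the max++ rootkit exposes.
ROOTKIT_DEVICE = r"\Device\__max++>\^"

MOUNT_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
CANNOT_RE = re.compile(r"^Cannot access: (.+)$")
# "[group] YYYY-MM-DD HH:MM:SS size path (vendor)" lines that follow a
# "Cannot access" entry and list other on-disk copies of that file name.
COPY_RE = re.compile(
    r"^\[(\d+)\] (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (.+?) \((.*)\)$"
)


@dataclass
class Win32kDiagReport:
    mount_points: list = field(default_factory=list)  # (junction path, destination)
    inaccessible: list = field(default_factory=list)  # files the tool could not open
    copies: dict = field(default_factory=lambda: defaultdict(list))  # file -> copies


def parse_win32kdiag(text):
    """Parse the text of a Win32kDiag.txt into a Win32kDiagReport."""
    report = Win32kDiagReport()
    pending_mount = None   # "Found mount point" waiting for its destination line
    current_target = None  # last "Cannot access" file; owner of the [n] lines after it
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNT_RE.match(line)
        if m:
            pending_mount = m.group(1)
            continue
        m = DEST_RE.match(line)
        if m and pending_mount is not None:
            report.mount_points.append((pending_mount, m.group(1)))
            pending_mount = None
            continue
        m = CANNOT_RE.match(line)
        if m:
            current_target = m.group(1)
            report.inaccessible.append(current_target)
            continue
        m = COPY_RE.match(line)
        if m and current_target is not None:
            group, stamp, size, path, vendor = m.groups()
            report.copies[current_target].append((int(group), stamp, int(size), path, vendor))
    return report


def redirected_mount_points(report, device=ROOTKIT_DEVICE):
    """Junctions whose target is the rootkit's device rather than a real volume."""
    return [path for path, dest in report.mount_points if dest == device]


def self_named_junctions(report):
    """Junctions named after their own parent directory (an 'addins' junction
    inside the 'addins' folder), the pattern every rogue entry in the log follows."""
    hits = []
    for path, _ in report.mount_points:
        parts = path.rstrip("\\").split("\\")
        if len(parts) >= 2 and parts[-1].lower() == parts[-2].lower():
            hits.append(path)
    return hits


def copies_without_vendor(report):
    """Listed copies whose version-info company field is empty, the '()' entries;
    an update.exe with no vendor string next to Microsoft-stamped ones deserves a look."""
    return [c for entries in report.copies.values() for c in entries if c[4] == ""]


def summarize(report):
    return {
        "mount_points": len(report.mount_points),
        "redirected_to_rootkit_device": len(redirected_mount_points(report)),
        "self_named": len(self_named_junctions(report)),
        "inaccessible_files": len(report.inaccessible),
        "unvendored_copies": len(copies_without_vendor(report)),
    }


# Constructed sample in Win32kDiag's format, modelled on the log posted in
# this thread (a handful of entries, not the full file).
SAMPLE_LOG = r"""
Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt
Removing all found mount points.
WARNING: Could not get backup privileges!
Searching 'C:\windows'...

Found mount point : C:\windows\addins\addins
Mount point destination : \Device\__max++>\^
Removing mount point : C:\windows\addins\addins
Found mount point : C:\windows\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\windows\Config\Config

Cannot access: C:\windows\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe
Attempting to restore permissions of : C:\windows\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe
[1] 2008-07-08 09:02:04 755576 C:\windows\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe ()
[2] 2002-01-28 16:56:30 252416 C:\System Volume Information\_restore{B42F6F45-55BA-42D3-AD38-9C1E71814474}\RP798\A0256849.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    rep = parse_win32kdiag(SAMPLE_LOG)
    for path in redirected_mount_points(rep):
        print("rogue junction ->", path)
    for _, stamp, size, path, _ in copies_without_vendor(rep):
        print("copy with no vendor info:", path, size, stamp)
    print(summarize(rep))
```

Run it against a real Win32kDiag.txt by reading the file and passing its text to `parse_win32kdiag`; the summary is a quick way to tell whether the junctions were all redirected to the same device (which is what the log in this thread shows) and which of the locked files have no clean-looking sibling copy to fall back on.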

#7 lola69

lola69
  • Topic Starter

  • Members
  • 65 posts
  • Gender:Female
  • Location:Canada

Posted 01 September 2009 - 08:41 AM

I have printed out your instructions from work in case my pc at home encounters a problem. I will complete these steps as soon as I am home and will post the results. In case something horrific happens with the computer during the process, I will advise you from another computer. Thank you and your expert coach for examining my problem no matter what the outcome is!!

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 01 September 2009 - 10:25 AM

:(

#9 lola69

lola69
  • Topic Starter

  • Members
  • 65 posts
  • Gender:Female
  • Location:Canada

Posted 01 September 2009 - 07:01 PM

Ok ~t. I finally managed to get all 3 logs. Everything worked fine until I tried to run GMER as that program froze in the middle of a scan. After rebooting, I ran it again and managed to get a log. I will post in this order and separate logs by caps writing. 1. Win32kDiag.txt. 2. Avenger.txt 3. Gmer.log


HERE IS #1

Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Found mount point : C:\windows\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB912812\KB912812

Found mount point : C:\windows\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB912945\KB912945

Found mount point : C:\windows\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB915865\KB915865

Found mount point : C:\windows\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB916281\KB916281

Found mount point : C:\windows\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB918899\KB918899

Found mount point : C:\windows\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB920213\KB920213

Found mount point : C:\windows\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB922760\KB922760

Found mount point : C:\windows\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB924496\KB924496

Found mount point : C:\windows\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB925454\KB925454

Found mount point : C:\windows\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB928090\KB928090

Found mount point : C:\windows\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB932168\KB932168

Found mount point : C:\windows\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB933566\KB933566

Found mount point : C:\windows\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB937143\KB937143

Found mount point : C:\windows\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB939653\KB939653

Found mount point : C:\windows\$hf_mig$\KB942615\KB942615

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB942615\KB942615

Found mount point : C:\windows\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB943460\KB943460

Found mount point : C:\windows\$hf_mig$\KB968389\KB968389

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\$hf_mig$\KB968389\KB968389

Found mount point : C:\windows\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\addins\addins

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11.tmp\ZAP11.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11.tmp\ZAP11.tmp

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP124.tmp\ZAP124.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP124.tmp\ZAP124.tmp

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP19B.tmp\ZAP19B.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP19B.tmp\ZAP19B.tmp

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27C.tmp\ZAP27C.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27C.tmp\ZAP27C.tmp

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29B.tmp\ZAP29B.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29B.tmp\ZAP29B.tmp

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDF.tmp\ZAPDF.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDF.tmp\ZAPDF.tmp

Found mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE6.tmp\ZAPE6.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE6.tmp\ZAPE6.tmp

Found mount point : C:\windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\temp\temp

Found mount point : C:\windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\assembly\tmp\tmp

Found mount point : C:\windows\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Config\Config

Found mount point : C:\windows\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Connection Wizard\Connection Wizard

Found mount point : C:\windows\Debug\Setup\Backup\Backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Debug\Setup\Backup\Backup

Found mount point : C:\windows\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Debug\UserMode\UserMode

Found mount point : C:\windows\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ftpcache\ftpcache

Found mount point : C:\windows\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\chsime\applets\applets

Found mount point : C:\windows\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\CHTIME\Applets\Applets

Found mount point : C:\windows\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\imejp\applets\applets

Found mount point : C:\windows\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\imejp98\imejp98

Found mount point : C:\windows\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\imjp8_1\applets\applets

Found mount point : C:\windows\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\imkr6_1\applets\applets

Found mount point : C:\windows\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\imkr6_1\dicts\dicts

Found mount point : C:\windows\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\ime\shared\res\res

Found mount point : C:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\windows\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\windows\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\java\classes\classes

Found mount point : C:\windows\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\java\trustlib\trustlib

Found mount point : C:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\windows\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\msapps\msinfo\msinfo

Found mount point : C:\windows\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\mui\mui

Found mount point : C:\windows\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\windows\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\windows\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\BATCH\BATCH

Found mount point : C:\windows\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\windows\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\windows\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\windows\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\windows\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\pchealth\helpctr\Temp\Temp

Found mount point : C:\windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Registration\CRMLog\CRMLog

Found mount point : C:\windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\windows\SoftwareDistribution\Download\02cded8b341a95a07525625c2bc327cd\02cded8b341a95a07525625c2bc327cd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\02cded8b341a95a07525625c2bc327cd\02cded8b341a95a07525625c2bc327cd

Found mount point : C:\windows\SoftwareDistribution\Download\33f7f74c1f2dd7f42fc9405a2a3a0987\33f7f74c1f2dd7f42fc9405a2a3a0987

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\33f7f74c1f2dd7f42fc9405a2a3a0987\33f7f74c1f2dd7f42fc9405a2a3a0987

Found mount point : C:\windows\SoftwareDistribution\Download\4d5f3eeb0c5bea6a6f952f53c701d419\4d5f3eeb0c5bea6a6f952f53c701d419

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\4d5f3eeb0c5bea6a6f952f53c701d419\4d5f3eeb0c5bea6a6f952f53c701d419

Found mount point : C:\windows\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\585dc2612ebcefc90e7dee4c276ee95e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\585dc2612ebcefc90e7dee4c276ee95e

Found mount point : C:\windows\SoftwareDistribution\Download\5de8a2d2234f0d548a5c0d05d076e6d9\5de8a2d2234f0d548a5c0d05d076e6d9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\5de8a2d2234f0d548a5c0d05d076e6d9\5de8a2d2234f0d548a5c0d05d076e6d9

Found mount point : C:\windows\SoftwareDistribution\Download\808beb165f27a62918a96eaf33d033f4\808beb165f27a62918a96eaf33d033f4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\808beb165f27a62918a96eaf33d033f4\808beb165f27a62918a96eaf33d033f4

Found mount point : C:\windows\SoftwareDistribution\Download\9780bac19c14b959b8e3152a072a5bd5\9780bac19c14b959b8e3152a072a5bd5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\9780bac19c14b959b8e3152a072a5bd5\9780bac19c14b959b8e3152a072a5bd5

Cannot access: C:\windows\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe

Attempting to restore permissions of : C:\windows\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\windows\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB887797\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\windows\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\windows\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB900930\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\windows\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB905915\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB913446\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\windows\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB929338\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB929969\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\windows\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\windows\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\windows\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\windows\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB961503\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\7e2110c803604799bad6cc14ba892658\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe ()

[1] 2005-06-28 10:24:52 716000 C:\windows\SoftwareDistribution\Download\f02c2828ce1a7e59faeaf4f021a92e1c\update\update.exe (Microsoft Corporation)

[2] 2002-01-28 16:56:30 252416 C:\System Volume Information\_restore{B42F6F45-55BA-42D3-AD38-9C1E71814474}\RP798\A0256849.exe (Microsoft Corporation)



Found mount point : C:\windows\SoftwareDistribution\Download\cf0471ca1f3f12affe6c8fea1ffc6ddb\cf0471ca1f3f12affe6c8fea1ffc6ddb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\cf0471ca1f3f12affe6c8fea1ffc6ddb\cf0471ca1f3f12affe6c8fea1ffc6ddb

Found mount point : C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

Cannot access: C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe

Attempting to restore permissions of : C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\windows\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\windows\$hf_mig$\KB887797\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:54 654848 C:\windows\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\windows\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\windows\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\windows\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB900930\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\windows\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\windows\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB905915\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB913446\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\windows\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\windows\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB929338\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB929969\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\windows\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\windows\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\windows\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\windows\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\windows\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\windows\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\windows\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\windows\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\windows\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB961503\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\windows\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\windows\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\windows\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\7e2110c803604799bad6cc14ba892658\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\windows\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe (Microsoft Corporation)

[1] 2005-06-28 10:24:52 716000 C:\windows\SoftwareDistribution\Download\f02c2828ce1a7e59faeaf4f021a92e1c\update\update.exe (Microsoft Corporation)

[2] 2002-01-28 16:56:30 252416 C:\System Volume Information\_restore{B42F6F45-55BA-42D3-AD38-9C1E71814474}\RP798\A0256849.exe (Microsoft Corporation)



Found mount point : C:\windows\SoftwareDistribution\Download\d745499f6740a9a7ba47793d863ceeea\d745499f6740a9a7ba47793d863ceeea

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\d745499f6740a9a7ba47793d863ceeea\d745499f6740a9a7ba47793d863ceeea

Found mount point : C:\windows\SoftwareDistribution\Download\e8cddcf89b5b5aa70e29fb19185704bb\e8cddcf89b5b5aa70e29fb19185704bb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\e8cddcf89b5b5aa70e29fb19185704bb\e8cddcf89b5b5aa70e29fb19185704bb

Found mount point : C:\windows\SoftwareDistribution\Download\f97144a7ca2b4a7ca5f7a9ba7d77b6ef\f97144a7ca2b4a7ca5f7a9ba7d77b6ef

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\f97144a7ca2b4a7ca5f7a9ba7d77b6ef\f97144a7ca2b4a7ca5f7a9ba7d77b6ef

Found mount point : C:\windows\SoftwareDistribution\Download\fc43e40fa9ac77569a3e0a70ca175c25\fc43e40fa9ac77569a3e0a70ca175c25

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\fc43e40fa9ac77569a3e0a70ca175c25\fc43e40fa9ac77569a3e0a70ca175c25

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\003ee97e1e7cce9cf1a22e4a59295700\003ee97e1e7cce9cf1a22e4a59295700

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\003ee97e1e7cce9cf1a22e4a59295700\003ee97e1e7cce9cf1a22e4a59295700

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\02e4a32faaac2a62f840e39258d4c0c0\02e4a32faaac2a62f840e39258d4c0c0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\02e4a32faaac2a62f840e39258d4c0c0\02e4a32faaac2a62f840e39258d4c0c0

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\1c11f529eeb0e85a68f12167cab6a0dd\1c11f529eeb0e85a68f12167cab6a0dd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\1c11f529eeb0e85a68f12167cab6a0dd\1c11f529eeb0e85a68f12167cab6a0dd

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\2250e51023ad83ba7ae3f5c2602934de\2250e51023ad83ba7ae3f5c2602934de

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\2250e51023ad83ba7ae3f5c2602934de\2250e51023ad83ba7ae3f5c2602934de

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\3d8a7c015a41af314aaf4652ff42888b\3d8a7c015a41af314aaf4652ff42888b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\3d8a7c015a41af314aaf4652ff42888b\3d8a7c015a41af314aaf4652ff42888b

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\3f5b7aba50790f47139b718f6e01b377\3f5b7aba50790f47139b718f6e01b377

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\3f5b7aba50790f47139b718f6e01b377\3f5b7aba50790f47139b718f6e01b377

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\3f9208281120267ef04a475459d8adda\3f9208281120267ef04a475459d8adda

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\3f9208281120267ef04a475459d8adda\3f9208281120267ef04a475459d8adda

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\4a898aa871c3b5e2655e7536353bd2cb\4a898aa871c3b5e2655e7536353bd2cb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\4a898aa871c3b5e2655e7536353bd2cb\4a898aa871c3b5e2655e7536353bd2cb

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\725922d63f6ef3d5e96684a89c09350a\725922d63f6ef3d5e96684a89c09350a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\725922d63f6ef3d5e96684a89c09350a\725922d63f6ef3d5e96684a89c09350a

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\7d49753b93ffa6844bcba39df0e9b771\7d49753b93ffa6844bcba39df0e9b771

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\7d49753b93ffa6844bcba39df0e9b771\7d49753b93ffa6844bcba39df0e9b771

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\80198a7412e38233885c6478751b8aad\80198a7412e38233885c6478751b8aad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\80198a7412e38233885c6478751b8aad\80198a7412e38233885c6478751b8aad

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\84ed072310665c1b9cc99c947698628c\84ed072310665c1b9cc99c947698628c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\84ed072310665c1b9cc99c947698628c\84ed072310665c1b9cc99c947698628c

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\9f1c7c51583084c35b1185274d449cfd\9f1c7c51583084c35b1185274d449cfd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\9f1c7c51583084c35b1185274d449cfd\9f1c7c51583084c35b1185274d449cfd

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\a23895a83ee5a7d0cfe6e67cb71b81fd\a23895a83ee5a7d0cfe6e67cb71b81fd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\a23895a83ee5a7d0cfe6e67cb71b81fd\a23895a83ee5a7d0cfe6e67cb71b81fd

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\ac9aa4df451dcb33a290bfb3ccc6579c\ac9aa4df451dcb33a290bfb3ccc6579c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\ac9aa4df451dcb33a290bfb3ccc6579c\ac9aa4df451dcb33a290bfb3ccc6579c

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\c06fde0336bc086956175a8d40409d7c\c06fde0336bc086956175a8d40409d7c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\c06fde0336bc086956175a8d40409d7c\c06fde0336bc086956175a8d40409d7c

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\fac0551afd7efe0442f60bcd97856f56\fac0551afd7efe0442f60bcd97856f56

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\fac0551afd7efe0442f60bcd97856f56\fac0551afd7efe0442f60bcd97856f56

Found mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\fde31dd0925f55069919b64e118f5bc5\fde31dd0925f55069919b64e118f5bc5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\SoftwareDistribution\Download\S-1-5-18\fde31dd0925f55069919b64e118f5bc5\fde31dd0925f55069919b64e118f5bc5

Found mount point : C:\windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\Sun\Java\Deployment\Deployment

Found mount point : C:\windows\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1025\1025

Found mount point : C:\windows\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1028\1028

Found mount point : C:\windows\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1031\1031

Found mount point : C:\windows\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1037\1037

Found mount point : C:\windows\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1041\1041

Found mount point : C:\windows\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1042\1042

Found mount point : C:\windows\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\1054\1054

Found mount point : C:\windows\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\2052\2052

Found mount point : C:\windows\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\3076\3076

Found mount point : C:\windows\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\3com_dmi\3com_dmi

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\windows\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\windows\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Favorites\Favorites

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Found mount point : C:\windows\system32\config\systemprofile\Local Settings\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Local Settings\temp\temp

Found mount point : C:\windows\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\My Documents\My Documents

Found mount point : C:\windows\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\windows\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\windows\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\config\systemprofile\Recent\Recent

Found mount point : C:\windows\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\dhcp\dhcp

Found mount point : C:\windows\system32\DirectX\DX20.tmp\directx\directx

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\DirectX\DX20.tmp\directx\directx

Found mount point : C:\windows\system32\DirectX\DX20.tmp\drivers\drivers

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\DirectX\DX20.tmp\drivers\drivers

Found mount point : C:\windows\system32\DirectX\DX20.tmp\help\help

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\DirectX\DX20.tmp\help\help

Found mount point : C:\windows\system32\DirectX\DX20.tmp\inf\inf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\DirectX\DX20.tmp\inf\inf

Found mount point : C:\windows\system32\DirectX\DX20.tmp\sysbckup\sysbckup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\DirectX\DX20.tmp\sysbckup\sysbckup

Found mount point : C:\windows\system32\DirectX\DX20.tmp\system\system

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\DirectX\DX20.tmp\system\system

Found mount point : C:\windows\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\windows\system32\drivers\disdn\disdn

Cannot access: C:\windows\system32\eventlog.dll

Attempting to restore permissions of : C:\windows\system32\eventlog.dll

[1] 2004-08-04 08:00:00 55808 C:\windows\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)


HERE IS #2

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\eventlog.dll|C:\windows\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


HERE IS #3

GMER 1.0.15.15077 [ri5e0l31.exe] - http://www.gmer.net
Rootkit scan 2009-09-01 19:52:49
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 87553A0E ZwEnumerateKey
Code 87559656 ZwFlushInstructionCache
Code 87502E36 ZwSaveKey
Code 87687916 ZwSaveKeyEx
Code 8754F15D IofCallDriver
Code 8754E00D IofCompleteRequest
Code 875616ED ZwSaveKey
Code 8756196D ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8754F162
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8754E012
.text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 875616F2
.text ntoskrnl.exe!ZwSaveKeyEx 804E42C2 5 Bytes JMP 87561972
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 87553A12
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 8755965A
PAGE ntoskrnl.exe!ZwSaveKey 8065616E 5 Bytes JMP 87502E3A
PAGE ntoskrnl.exe!ZwSaveKeyEx 80656259 5 Bytes JMP 8768791A

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\Iexplore.exe[832] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01279315 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01354832 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0146E021 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0146DF51 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0146DFBE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0146DE22 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0146DE84 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0146E084 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0146DEE6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] WININET.dll!HttpAddRequestHeadersA 63018275 5 Bytes JMP 010B000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] WININET.dll!HttpAddRequestHeadersW 630282B3 5 Bytes JMP 011A000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D629A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D627E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D627C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D627A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01279315 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0134DBCB C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0134DD81 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01354832 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 012B1CA2 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 0146E021 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 0146DF51 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 0146DFBE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 0146DE22 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 0146DE84 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 0146E084 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 0146DEE6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0135488E C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] WININET.dll!HttpAddRequestHeadersA 63018275 5 Bytes JMP 0110000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] WININET.dll!HttpAddRequestHeadersW 630282B3 5 Bytes JMP 011F000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C629A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00C627E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C627C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1232] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C627A0
.text C:\windows\Explorer.EXE[1912] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BA000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\Iexplore.exe[1232] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [01E118FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACjydmrxgafj.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [816] 0x10000000
Library \\?\globalroot\systemroot\system32\UACuthwbxspac.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [816] 0x00A30000
Library \\?\globalroot\systemroot\system32\UACcmwlgsgwos.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [832] 0x00F80000
Library \\?\globalroot\systemroot\system32\UACjydmrxgafj.dll (*** hidden *** ) @ C:\windows\System32\svchost.exe [892] 0x10000000
Library \\?\globalroot\systemroot\system32\UACuthwbxspac.dll (*** hidden *** ) @ C:\windows\System32\svchost.exe [892] 0x00A30000
Library \\?\globalroot\systemroot\system32\UACjydmrxgafj.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [992] 0x10000000
Library \\?\globalroot\systemroot\system32\UACuthwbxspac.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [992] 0x00A30000
Library \\?\globalroot\systemroot\system32\UACjydmrxgafj.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1060] 0x10000000
Library \\?\globalroot\systemroot\system32\UACuthwbxspac.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1060] 0x00A40000
Library \\?\globalroot\systemroot\system32\UACcmwlgsgwos.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1232] 0x00F90000
Library \\?\globalroot\systemroot\system32\UACjydmrxgafj.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1272] 0x10000000
Library \\?\globalroot\systemroot\system32\UACuthwbxspac.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1272] 0x00A30000
Library \\?\globalroot\systemroot\system32\UACjydmrxgafj.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1548] 0x10000000
Library \\?\globalroot\systemroot\system32\UACuthwbxspac.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1548] 0x00A30000
Library \\?\globalroot\systemroot\system32\UACcmwlgsgwos.dll (*** hidden *** ) @ C:\windows\Explorer.EXE [1912] 0x00DA0000

---- Services - GMER 1.0.15 ----

Service C:\windows\system32\drivers\kbiwkmsftirprq.sys (*** hidden *** ) [SYSTEM] kbiwkmswiopdpa <-- ROOTKIT !!!
Service C:\windows\system32\drivers\UACqltowcdjog.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa@imagepath \systemroot\system32\drivers\kbiwkmsftirprq.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\main@aid 10002
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\main@sid 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmsftirprq.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmxexnkbxm.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmiredtwar.dat
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmmqpfwopa.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmswiopdpa\modules@kbiwkm.dat \systemroot\system32\kbiwkmbtfiesps.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqltowcdjog.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqltowcdjog.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwtkdtudjhn.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACjydmrxgafj.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACqbbmqeexgn.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACilqdrubvqe.db
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACuthwbxspac.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcmwlgsgwos.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa@imagepath \systemroot\system32\drivers\kbiwkmsftirprq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\main@sid 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmsftirprq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmxexnkbxm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmiredtwar.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmmqpfwopa.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa\modules@kbiwkm.dat \systemroot\system32\kbiwkmbtfiesps.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 11651
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqltowcdjog.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqltowcdjog.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwtkdtudjhn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACjydmrxgafj.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACqbbmqeexgn.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACilqdrubvqe.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACuthwbxspac.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACcmwlgsgwos.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxdndoyjda.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm@imagepath \systemroot\system32\drivers\hjgruioqbabrsi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\main@aid 10002
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruioqbabrsi.sys
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\modules@hjgruicmd.dll \systemroot\system32\hjgruipfuwsrqx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\modules@hjgruilog.dat \systemroot\system32\hjgruieykvxewf.dat
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\modules@hjgruiwsp.dll \systemroot\system32\hjgruitqowvtgo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruikypuqfqm\modules@hjgrui.dat \systemroot\system32\hjgruidoyxtltn.dat
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxdndoyjda.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxdndoyjda.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxeaorspkr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm@imagepath \systemroot\system32\drivers\hjgruioqbabrsi.sys
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\main@aid 10002
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\main@sid 0
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruioqbabrsi.sys
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\modules@hjgruicmd.dll \systemroot\system32\hjgruipfuwsrqx.dll
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\modules@hjgruilog.dat \systemroot\system32\hjgruieykvxewf.dat
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\modules@hjgruiwsp.dll \systemroot\system32\hjgruitqowvtgo.dll
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruikypuqfqm\modules@hjgrui.dat \systemroot\system32\hjgruidoyxtltn.dat
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owner\Local Settings\temp\UACa8e5.tmp 343040 bytes executable
File C:\Qoobox\Quarantine\C\windows\system32\UACaaegxjnuwp.dll.vir 20480 bytes executable
File C:\Qoobox\Quarantine\C\windows\system32\UACdasrvimkeh.dll.vir 20480 bytes executable
File C:\Qoobox\Quarantine\C\windows\system32\UACdyblxwgttv.db.vir 1110399 bytes
File C:\Qoobox\Quarantine\C\windows\system32\uacinit.dll.vir 6462 bytes
File C:\Qoobox\Quarantine\C\windows\system32\UACqhxoyeqpap.db.vir 1110399 bytes
File C:\Qoobox\Quarantine\C\windows\system32\UACqjpdxgwweh.dll.vir 74240 bytes executable
File C:\Qoobox\Quarantine\C\windows\system32\UACqmqaiucbix.dll.vir 30208 bytes executable
File C:\Qoobox\Quarantine\C\windows\system32\UACwaqeelevxf.dll.vir 30208 bytes executable
File C:\Qoobox\Quarantine\C\windows\system32\UACxnscdjnsrp.dat.vir 310 bytes
File C:\Qoobox\Quarantine\C\windows\system32\UACyejlqbjhhb.dat.vir 310 bytes

---- EOF - GMER 1.0.15 ----

I IMAGINE THIS MAY TAKE A WHILE FOR YOU BOTH. THE COMPUTER WILL NOT BE TOUCHED UNTIL YOU ADVISE ME TO DO SO!!! (****thank you****)

Ever grateful,
Laura

#10 lola69 (Topic Starter)

Posted 01 September 2009 - 10:43 PM

NEW ISSUE ~t!!!!!

I swear there is a ghost in my machine. I left the computer on with just this site up and all of a sudden, a voice came through the speakers and was talking as though it was a gaming clip. Then, to make matters worse, a Nickelback song started playing. Ummmmmmm I don't even OWN a Nickelback song anywhere on my computer. This has NEVER happened before. I opened the task manager and there were NO applications running other than the Firefox page!!!

Not sure how this happened or if it's even relevant but it literally scared the @#@$! out of me.

Thanks
Laura

#11 thcbytes (Malware Response Team)

Posted 02 September 2009 - 07:22 AM

Hi again,

Your computer is very severely infected. The "sounds" you report are related to your infection and are not uncommon. As I noted earlier your cleanup will be carried out in stages so don't be surprised if one or more symptoms persist as we progress. Your cleanup is moving along very well so far though. I appreciate the detailed info you are providing. :(

==========

We need to create a batch file.
Warning
This file was written specifically for this user, for use on this particular machine.
Running this on another machine may cause irreparable damage to your operating system
  • Please copy the contents of the code box below
  • Open notepad and paste the contents of the code box there
  • On the top toolbar in notepad select file
  • Then save as
  • In the box that opens type in nuke.bat for the file name
  • Right below that click the down arrow in the line for save as type and select all files
  • Save this to your desktop and close notepad
@echo off
ri5e0l31 -killall
ri5e0l31 -del service UACd.sys
ri5e0l31 -del service kbiwkmswiopdpa
ri5e0l31 -del file C:\windows\system32\drivers\kbiwkmsftirprq.sys
ri5e0l31 -del file C:\windows\system32\drivers\UACqltowcdjog.sys
ri5e0l31 -del file C:\Documents and Settings\Owner\Local Settings\temp\UACa8e5.tmp
ri5e0l31 -del reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa
ri5e0l31 -del reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
ri5e0l31 -reboot
  • Locate the nuke icon on your desktop and double click it. A box will pop up briefly on your screen and disappear, this is normal
==========

Please Re-run Gmer and post another log for my review

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check".
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* Gmer.log
* OTL log.txt & Extra.txt
* How is your computer running now?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
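The GMER log in post #9 records three things a responder reads first: 5-byte JMP patches on ntoskrnl exports (inline hooks in the kernel), user-mode hooks whose JMP target GMER could not attribute to any loaded module (the WININET and WS2_32 ones, as opposed to the USER32 hooks that land in IEFRAME.dll), and services and DLLs GMER marks as hidden. The nuke.bat in post #11 is the helper's hand-written list of the service names, driver files and registry keys that follow from those findings. The Python below is an added example, not GMER's code and not the helper's script: it parses a trimmed log in the format GMER printed in this thread and derives that same set mechanically, so the reading step is reproducible. The sample lines are constructed from the thread's own output, the systemroot used to resolve `\systemroot\` paths is assumed, and `resolve_path` is a hypothetical helper; the script only reads text and changes nothing on the machine.

```python
"""Triage helper for a GMER 1.0.15 text log (added example, not GMER's own code)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a trimmed log in the format GMER printed in this thread.
SAMPLE_LOG = r"""
GMER 1.0.15.15077 [ri5e0l31.exe] - http://www.gmer.net
Rootkit scan 2009-09-01 19:52:49

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8754F162
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 87553A12

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\Iexplore.exe[832] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 01279315 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] WININET.dll!HttpAddRequestHeadersA 63018275 5 Bytes JMP 010B000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[832] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D627C0

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACjydmrxgafj.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [816] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\windows\system32\drivers\kbiwkmsftirprq.sys (*** hidden *** ) [SYSTEM] kbiwkmswiopdpa <-- ROOTKIT !!!
Service C:\windows\system32\drivers\UACqltowcdjog.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmswiopdpa@imagepath \systemroot\system32\drivers\kbiwkmsftirprq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqltowcdjog.sys

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER ")
HOOK_RE = re.compile(r"^(?P<sect>\S+)\s+(?P<where>.+?)\s+(?P<addr>[0-9A-F]{8})\s+\d+ Bytes\s+JMP\s+"
                     r"(?P<target>[0-9A-F]{8})(?:\s+(?P<owner>.+))?$")
HIDDEN = r"\(\*\*\* hidden \*\*\* \)"
SERVICE_RE = re.compile(r"^Service (?P<path>.+?) " + HIDDEN + r" \[\w+\] (?P<name>\S+)")
LIBRARY_RE = re.compile(r"^Library (?P<path>.+?) " + HIDDEN + r" @ (?P<proc>.+?) \[(?P<pid>\d+)\]")
REG_RE = re.compile(r"^Reg (?P<key>.+?)(?:@(?P<value>\S+)(?: (?P<data>.+))?)?$")
SERVICES_KEY = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\"

@dataclass
class Hook:
    section: str            # .text / PAGE
    where: str              # "module!export", prefixed by "process[pid]" for user-mode hooks
    addr: int               # patched address
    target: int             # where the 5-byte JMP lands
    owner: Optional[str]    # module GMER attributed the target to, None if unattributed

@dataclass
class Triage:
    kernel_hooks: list = field(default_factory=list)
    user_hooks: list = field(default_factory=list)
    hidden_modules: list = field(default_factory=list)    # (dll path, host process, pid)
    hidden_services: dict = field(default_factory=dict)   # service name -> driver path
    image_paths: dict = field(default_factory=dict)       # service name -> ImagePath value

def parse_gmer_log(text: str) -> Triage:
    """Walk the log section by section and collect the findings a responder reads first."""
    t, section = Triage(), ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        if section.endswith("code sections"):
            m = HOOK_RE.match(line)
            if m:
                hook = Hook(m["sect"], m["where"], int(m["addr"], 16), int(m["target"], 16), m["owner"])
                (t.kernel_hooks if section.startswith("Kernel") else t.user_hooks).append(hook)
        elif section == "Processes":
            m = LIBRARY_RE.match(line)
            if m:
                t.hidden_modules.append((m["path"], m["proc"], int(m["pid"])))
        elif section == "Services":
            m = SERVICE_RE.match(line)
            if m:
                t.hidden_services[m["name"]] = m["path"]
        elif section == "Registry":
            m = REG_RE.match(line)
            if m and m["value"] and m["value"].lower() == "imagepath" and m["key"].startswith(SERVICES_KEY):
                name = m["key"][len(SERVICES_KEY):]
                if "\\" not in name:          # value directly under the service key, not a subkey
                    t.image_paths[name] = m["data"]
    return t

def unattributed_user_hooks(t: Triage):
    """User-mode JMPs whose target GMER could not map to a loaded module: the hook body lives
    in anonymous memory, the pattern of injected code rather than a vendor shim like IEFRAME."""
    return [h for h in t.user_hooks if h.owner is None]

def resolve_path(path: str, systemroot: str = r"C:\windows") -> str:
    """Hypothetical helper: turn the NT-style paths GMER prints into Win32 paths (systemroot assumed)."""
    prefix = r"\\?\globalroot"
    if path.lower().startswith(prefix):
        path = path[len(prefix):]
    if path.lower().startswith(r"\systemroot"):
        path = systemroot + path[len(r"\systemroot"):]
    return path

def cleanup_plan(t: Triage, systemroot: str = r"C:\windows") -> dict:
    """Service names, driver files and registry keys a hidden-service cleanup has to cover."""
    services = sorted(t.hidden_services)
    files = [resolve_path(t.image_paths.get(s, t.hidden_services[s]), systemroot) for s in services]
    return {"services": services, "files": files,
            "registry_keys": [SERVICES_KEY + s for s in services]}

if __name__ == "__main__":
    t = parse_gmer_log(SAMPLE_LOG)
    for h in t.kernel_hooks + unattributed_user_hooks(t):
        print(f"hook {h.where} @ {h.addr:08X} -> {h.target:08X}")
    print(cleanup_plan(t))
```

Run against the sample, `cleanup_plan` returns exactly the two service names, the two driver files and the two CurrentControlSet keys that appear in the helper's nuke.bat; the temp file the helper also removed comes from the Files section, which the script deliberately does not turn into a deletion target because a name prefix alone is weak evidence. Kernel hooks are listed without judgement: GMER does not name an owner for their targets, and on a clean machine there should be none pointing outside ntoskrnl at all.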

#12 lola69 (Topic Starter)

Posted 02 September 2009 - 08:44 AM

thanks ~t!!

I've printed out the instructions again from work and will perform the tasks later tonight. The results will be posted by the morning at the latest. At least I know now that the possessed demon is the result of some nasty viruses!!! From here on in, I will only post replies that you actually ask for.

;)

#13 thcbytes (Malware Response Team)

Posted 02 September 2009 - 09:23 AM

Please do not hesitate to ask questions and post updated info as needed. The more info I have the better I can assist you. :(

#14 lola69 (Topic Starter)

Posted 02 September 2009 - 08:46 PM

Things didn't go as well as planned in following the steps. After I clicked on the nuke.bat file that I created, a pop up DID come up (like DOS) BUT it did not disappear. Instead, a new pop up said, "GMER An error 0X00000002 occurred during the deletion of file: "C:\Documents". The specified module could not be found".

Then I clicked OK and the pc froze. FIRST REBOOT.

I then ran GMER but it froze during a scan so I had to do a SECOND REBOOT. After the second reboot, I ran it again and got a log. Then I proceeded to steps 2 and 3 and they went well.

Here are the logs:

NEW GMER LOG

GMER 1.0.15.15077 [ri5e0l31.exe] - http://www.gmer.net
Rootkit scan 2009-09-02 21:36:29
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 874E4188 ZwEnumerateKey
Code 874C9110 ZwFlushInstructionCache
Code 876CC1BE ZwSaveKey
Code 874B81BE ZwSaveKeyEx
Code 876171BE IofCallDriver
Code 874BA1BE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 876171C3
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 874BA1C3
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 874E418C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 874C9114
PAGE ntoskrnl.exe!ZwSaveKey 8065616E 5 Bytes JMP 876CC1C2
PAGE ntoskrnl.exe!ZwSaveKeyEx 80656259 5 Bytes JMP 874B81C2

---- User code sections - GMER 1.0.15 ----

.text C:\windows\Explorer.EXE[884] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B7000A

---- Services - GMER 1.0.15 ----

Service C:\windows\system32\drivers\kbiwkmsftirprq.sys (*** hidden *** ) [SYSTEM] kbiwkmswiopdpa <-- ROOTKIT !!!
Service system32\drivers\UACd.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

HERE IS THE OTL.TXT

OTL logfile created on: 02/09/2009 9:37:49 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1023.29 Mb Total Physical Memory | 590.96 Mb Available Physical Memory | 57.75% Memory free
3.91 Gb Paging File | 3.62 Gb Available in Paging File | 92.76% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 59.66 Gb Free Space | 25.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-B7538C8835
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2005/04/30 17:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\windows\System32\bgsvcgen.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2006/10/13 17:01:06 | 00,207,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/06/29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2006/10/13 17:04:06 | 00,707,376 | ---- | M] (Microsoft Corporation) -- C:\windows\vVX3000.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/01/24 16:06:08 | 06,930,432 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/30 07:26:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/02 21:37:07 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/04/30 17:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\windows\System32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/02/17 15:43:30 | 00,138,680 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2006/10/13 17:01:06 | 00,207,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/06/29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/10/13 18:04:05 | 00,066,872 | ---- | M] () -- C:\windows\System32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
SRV - [2007/10/13 18:04:12 | 00,103,736 | ---- | M] () -- C:\windows\System32\PnkBstrB.exe -- (PnkBstrB [Disabled | Stopped])
SRV - [2005/10/06 19:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/09/15 00:56:48 | 00,141,312 | R--- | M] (Analog Devices, Inc.) -- C:\windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2005/03/04 08:53:00 | 00,127,872 | R--- | M] (Andrea Electronics Corporation) -- C:\windows\System32\drivers\AEAudio.sys -- (AEAudioService [On_Demand | Running])
DRV - [2009/07/09 01:35:26 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\windows\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2006/11/10 15:05:00 | 00,018,688 | ---- | M] (Arcsoft, Inc.) -- C:\windows\System32\drivers\Afc.sys -- (Afc [On_Demand | Stopped])
DRV - [2003/04/08 09:47:26 | 00,188,506 | ---- | M] (ATI Technologies, Inc.) -- C:\windows\System32\drivers\aticxcap.sys -- (ATICXCAP [On_Demand | Running])
DRV - [2003/04/08 09:47:28 | 00,031,003 | ---- | M] (ATI Technologies, Inc.) -- C:\windows\System32\drivers\aticxtun.sys -- (ATICXTUN [On_Demand | Running])
DRV - [2003/04/08 09:47:28 | 00,009,882 | ---- | M] (ATI Technologies, Inc.) -- C:\windows\System32\drivers\aticxxbr.sys -- (ATICXXBR [On_Demand | Running])
DRV - [2007/04/01 14:07:10 | 00,271,360 | ---- | M] () -- C:\windows\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2003/12/03 17:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) -- C:\windows\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd [System | Running])
DRV - [2001/01/02 23:53:00 | 00,019,677 | ---- | M] (Thesycon GmbH, Germany) -- C:\windows\System32\Drivers\dsreader.sys -- (dsreader [On_Demand | Stopped])
DRV - [2002/05/24 12:52:58 | 00,010,368 | ---- | M] (Digit@lway Co., Ltd.) -- C:\windows\System32\DRIVERS\dwusbdnt.sys -- (dwusbdnt [On_Demand | Stopped])
DRV - [2005/12/27 12:14:14 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\windows\System32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Stopped])
DRV - [2001/08/17 08:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\windows\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2004/10/27 16:21:30 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2004/10/27 16:21:36 | 00,138,240 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\windows\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/08/03 23:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\windows\System32\DRIVERS\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2004/08/03 23:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\windows\System32\DRIVERS\HSFDPSP2.sys -- (HSF_DP [On_Demand | Running])
DRV - [2007/04/01 14:07:09 | 00,018,048 | ---- | M] () -- C:\windows\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008/12/28 21:21:17 | 00,137,344 | ---- | M] () -- C:\windows\System32\DRIVERS\litsgt.sys -- (litsgt [Auto | Running])
DRV - [2002/06/10 03:21:02 | 00,010,254 | R--- | M] (Logitech Inc.) -- C:\windows\System32\DRIVERS\LVBulk.sys -- (LVBulk [On_Demand | Stopped])
DRV - [2004/08/03 23:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\windows\System32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2008/04/14 00:16:24 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2004/08/12 22:56:20 | 00,005,810 | R--- | M] () -- C:\windows\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2003/07/17 04:10:06 | 00,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) -- C:\windows\System32\ntsim.sys -- (NTSIM [On_Demand | Stopped])
DRV - [2007/06/29 00:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\windows\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2006/11/28 21:46:20 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\windows\System32\Drivers\PCASp50.sys -- (PCASp50 [Auto | Running])
DRV - [2003/09/19 17:47:24 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\windows\System32\drivers\pfc.sys -- (pfc [On_Demand | Stopped])
DRV - [2002/06/10 15:24:38 | 00,220,079 | ---- | M] (Logitech Inc.) -- C:\windows\System32\DRIVERS\LV551AV.sys -- (PID_0900_V [On_Demand | Stopped])
DRV - [2005/03/15 05:45:20 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/01 20:21:46 | 00,299,776 | R--- | M] () -- C:\windows\System32\DRIVERS\PTV371.X86.SYS -- (PTV371.X86 [On_Demand | Running])
DRV - [2008/11/20 15:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2002/06/10 15:20:50 | 00,039,936 | ---- | M] (Logitech Inc.) -- C:\windows\System32\DRIVERS\LVCD.sys -- (QCDonner [On_Demand | Stopped])
DRV - [2009/08/30 00:00:57 | 00,034,816 | ---- | M] () -- C:\windows\System32\drivers\rootrepeal2.sys -- (rootrepeal2 [On_Demand | Stopped])
DRV - [2006/04/10 01:02:17 | 00,162,816 | ---- | M] (Ralink Technology Inc.) -- C:\windows\System32\DRIVERS\rt25usbap.sys -- (RT25USBAP [On_Demand | Stopped])
DRV - [2007/12/14 18:04:24 | 00,551,680 | ---- | M] (Ralink Technology, Corp.) -- C:\windows\System32\DRIVERS\rt2870.sys -- (rt2870 [On_Demand | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/08/11 01:49:28 | 00,393,088 | R--- | M] (Sensaura) -- C:\windows\System32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running])
DRV - [2008/12/28 21:21:17 | 00,012,032 | ---- | M] () -- C:\windows\System32\DRIVERS\tansgt.sys -- (tansgt [Auto | Running])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2007/07/11 10:40:18 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\windows\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007/07/11 15:51:48 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\windows\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2001/05/07 06:56:02 | 00,019,805 | R--- | M] (Thesycon GmbH, Germany) -- C:\windows\System32\Drivers\usbio.sys -- (USBIO [On_Demand | Stopped])
DRV - [2007/07/11 10:45:00 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\windows\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2005/07/07 04:58:12 | 00,226,560 | R--- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\windows\System32\DRIVERS\vtmini.sys -- (viagfx [On_Demand | Stopped])
DRV - [2006/10/13 17:04:30 | 01,966,384 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\VX3000.sys -- (VX3000 [On_Demand | Running])
DRV - [2006/02/20 17:59:28 | 00,058,288 | R--- | M] (MCCI) -- C:\windows\System32\DRIVERS\w810bus.sys -- (w810bus [On_Demand | Stopped])
DRV - [2006/02/20 17:59:32 | 00,008,336 | R--- | M] (MCCI) -- C:\windows\System32\DRIVERS\w810mdfl.sys -- (w810mdfl [On_Demand | Stopped])
DRV - [2006/02/20 17:59:34 | 00,094,064 | R--- | M] (MCCI) -- C:\windows\System32\DRIVERS\w810mdm.sys -- (w810mdm [On_Demand | Stopped])
DRV - [2006/02/20 17:59:34 | 00,085,408 | R--- | M] (MCCI) -- C:\windows\System32\DRIVERS\w810mgmt.sys -- (w810mgmt [On_Demand | Stopped])
DRV - [2006/02/20 17:59:36 | 00,083,344 | R--- | M] (MCCI) -- C:\windows\System32\DRIVERS\w810obex.sys -- (w810obex [On_Demand | Stopped])
DRV - [2004/08/03 23:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\windows\System32\DRIVERS\HSFCXTS2.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-796845957-602609370-725345543-1003\S-1-5-21-796845957-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://fruttisearch.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://fruttisearch.com/search.php?q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 02:03:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/27 23:48:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/22 17:27:07 | 00,000,000 | ---D | M]

[2009/03/25 05:25:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/10/19 15:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/25 05:25:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/07/18 22:09:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\lhfeq1mk.default\extensions
[2008/09/04 15:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\lhfeq1mk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2008/11/18 00:22:06 | 00,002,354 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\lhfeq1mk.default\searchplugins\kiwee-live-search.xml
[2009/07/18 10:39:38 | 00,000,239 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\lhfeq1mk.default\searchplugins\Search.xml
[2009/08/27 23:27:12 | 00,001,183 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\lhfeq1mk.default\searchplugins\swagbuckscom.xml
[2009/08/30 11:45:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/22 17:27:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/03 05:52:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/06/30 18:04:13 | 00,024,683 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2009/05/12 14:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/12/10 20:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/12/04 03:01:05 | 01,140,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFxViewer.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/11 00:06:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/11 00:06:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/11 00:06:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/11 00:06:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/11 00:06:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/11 00:06:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/11 00:06:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/01 17:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/30 03:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 03:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 03:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 03:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 03:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 03:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 03:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (325214 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11154 more lines...
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-602609370-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-796845957-602609370-725345543-1003\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [VX3000] C:\windows\vVX3000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-796845957-602609370-725345543-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-796845957-602609370-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-796845957-602609370-725345543-1003\..Trusted Domains: //@install.mar@ ([]msni in My Computer)
O15 - HKU\S-1-5-21-796845957-602609370-725345543-1003\..Trusted Domains: //@mail.mar@ ([]msni in Local intranet)
O15 - HKU\S-1-5-21-796845957-602609370-725345543-1003\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.166.86.18 142.166.86.19 192.168.175.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/20 00:15:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/02 21:37:01 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/02 21:17:38 | 00,000,473 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\nuke.bat
[2009/09/01 19:02:10 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ri5e0l31.exe
[2009/09/01 18:56:32 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/01 18:53:26 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avenger.exe
[2009/09/01 18:52:50 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avenger.zip
[2009/08/30 18:18:31 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe
[2009/08/30 00:00:46 | 00,034,816 | ---- | C] () -- C:\windows\System32\drivers\rootrepeal2.sys
[2009/08/29 23:29:26 | 00,472,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/08/29 23:13:57 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/29 23:13:44 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2009/08/29 20:18:42 | 00,401,720 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis25.exe
[2009/08/29 20:17:03 | 00,401,720 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis69.exe
[2009/08/29 12:43:03 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\windows\System32\drivers\pavboot.sys
[2009/08/29 12:42:11 | 00,175,888 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\activescan2_en.exe
[2009/08/29 12:23:43 | 00,000,000 | -H-D | C] -- C:\windows\ie8
[2009/08/29 12:11:29 | 16,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/08/29 10:00:16 | 00,401,720 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2009/08/29 09:43:11 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/08/29 09:43:08 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF25094.exe
[2009/08/29 09:41:29 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF24783.exe
[2009/08/28 07:01:58 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/08/28 06:51:48 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF4303.exe
[2009/08/28 06:50:10 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CF3979.exe
[2009/08/28 03:45:40 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweakNow RegCleaner.lnk
[2009/08/28 03:45:38 | 00,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner
[2009/08/28 03:45:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TweakNow RegCleaner
[2009/08/28 03:23:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/08/28 02:36:02 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/28 02:21:30 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/27 23:46:52 | 00,019,968 | ---- | C] () -- C:\windows\System32\UACcmwlgsgwos.dll
[2009/08/27 23:46:50 | 00,029,696 | ---- | C] () -- C:\windows\System32\UACuthwbxspac.dll
[2009/08/27 23:46:40 | 01,390,820 | ---- | C] () -- C:\windows\System32\UACilqdrubvqe.db
[2009/08/27 23:46:38 | 00,000,174 | ---- | C] () -- C:\windows\System32\UACqbbmqeexgn.dat
[2009/08/27 23:46:36 | 00,006,611 | ---- | C] () -- C:\windows\System32\uacinit.dll
[2009/08/27 23:46:32 | 00,074,240 | ---- | C] () -- C:\windows\System32\UACjydmrxgafj.dll
[2009/08/27 23:46:14 | 00,026,624 | ---- | C] () -- C:\windows\System32\UACwtkdtudjhn.dll
[2009/08/27 23:46:08 | 00,000,278 | -H-- | C] () -- C:\windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/08/27 23:46:08 | 00,000,000 | -H-- | C] () -- C:\windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/22 00:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/08/22 00:13:47 | 00,001,469 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk
[2009/08/17 07:01:51 | 00,000,000 | ---D | C] -- C:\windows\temp
[2009/08/12 16:41:40 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dhtmled.ocx
[2009/08/12 16:41:31 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msoe.dll
[2009/08/11 17:41:48 | 00,000,211 | ---- | C] () -- C:\boot.ini.backup
[2009/08/11 17:18:54 | 00,000,000 | ---- | C] () -- C:\boot.ini
[2009/08/08 16:27:12 | 01,089,593 | ---- | C] () -- C:\windows\System32\dllcache\ntprint.cat
[2009/08/08 07:29:01 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/08/08 07:18:40 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/08 02:02:20 | 00,000,000 | ---D | C] -- C:\windows\System32\XPSViewer
[2009/08/08 02:02:15 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/08 02:02:06 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/08 02:01:43 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/08 02:01:43 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpsshhdr.dll
[2009/08/08 02:01:43 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpsshhdr.dll
[2009/08/08 02:01:43 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll
[2009/08/08 02:01:43 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\filterpipelineprintproc.dll
[2009/08/08 02:01:42 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpssvcs.dll
[2009/08/08 02:01:42 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpssvcs.dll
[2009/08/08 02:01:42 | 00,000,000 | ---D | C] -- C:\3fbb821871e1ba063bf35ce7be29e696
[2009/08/08 01:27:25 | 00,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2009/08/08 00:24:37 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/07 22:02:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Logs
[2009/08/05 05:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mswebdvd.dll
[2009/02/01 14:22:29 | 00,000,331 | ---- | C] () -- C:\windows\doom3.ini
[2008/12/28 21:21:17 | 00,137,344 | ---- | C] () -- C:\windows\System32\drivers\litsgt.sys
[2008/12/28 21:21:17 | 00,012,032 | ---- | C] () -- C:\windows\System32\drivers\tansgt.sys
[2008/11/17 23:14:37 | 00,339,968 | ---- | C] () -- C:\windows\System32\pythoncom25.dll
[2008/11/17 23:14:37 | 00,114,688 | ---- | C] () -- C:\windows\System32\pywintypes25.dll
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\windows\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\windows\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2008/10/03 07:41:40 | 00,020,482 | ---- | C] () -- C:\windows\System32\s3redis.dll
[2008/09/10 20:07:52 | 00,308,352 | R--- | C] () -- C:\windows\System32\drivers\PTV371.X64.SYS
[2008/09/10 20:07:51 | 00,299,776 | R--- | C] () -- C:\windows\System32\drivers\PTV371.X86.SYS
[2008/05/20 17:17:15 | 00,000,316 | ---- | C] () -- C:\windows\game.ini
[2008/03/29 14:33:04 | 00,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2008/02/16 12:12:05 | 00,028,674 | ---- | C] () -- C:\windows\System32\re2iinh.dll
[2008/01/18 22:42:25 | 00,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2008/01/18 22:42:25 | 00,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2008/01/18 22:42:25 | 00,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2007/10/13 18:04:22 | 00,022,328 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2007/09/11 06:53:40 | 00,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2007/06/18 18:02:28 | 00,000,871 | ---- | C] () -- C:\windows\QIII.INI
[2007/06/08 09:07:25 | 00,000,815 | ---- | C] () -- C:\windows\BZII.INI
[2007/05/26 20:10:13 | 00,000,121 | ---- | C] () -- C:\windows\disney.ini
[2007/05/26 20:10:02 | 00,000,205 | ---- | C] () -- C:\windows\disneysy.ini
[2007/04/19 16:28:58 | 00,010,240 | ---- | C] () -- C:\windows\System32\vidx16.dll
[2007/04/01 14:07:10 | 00,271,360 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2007/04/01 14:07:09 | 00,018,048 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2007/02/02 22:26:44 | 00,103,424 | ---- | C] () -- C:\windows\xobglu32.dll
[2007/02/02 22:26:43 | 00,063,488 | ---- | C] () -- C:\windows\xobglu16.dll
[2006/10/10 16:52:02 | 00,000,202 | ---- | C] () -- C:\windows\NeroDigital.ini
[2006/09/17 20:05:15 | 00,000,000 | ---- | C] () -- C:\windows\iPlayer.INI
[2006/07/12 12:22:23 | 00,003,654 | ---- | C] () -- C:\windows\System32\drivers\Sonyhcp.dll
[2006/04/15 17:53:56 | 00,000,836 | ---- | C] () -- C:\windows\hegames.ini
[2006/04/14 22:30:47 | 00,015,498 | ---- | C] () -- C:\windows\VX3000.ini
[2006/04/11 17:52:26 | 00,000,569 | ---- | C] () -- C:\windows\cdplayer.ini
[2006/04/06 20:56:44 | 00,001,891 | ---- | C] () -- C:\windows\WININIT.INI
[2006/04/05 20:09:47 | 00,000,016 | ---- | C] () -- C:\windows\encore_launcher.ini
[2006/04/05 19:30:07 | 00,000,000 | ---- | C] () -- C:\windows\ATIMMC.INI
[2006/03/29 15:59:19 | 00,000,023 | ---- | C] () -- C:\windows\BlendSettings.ini
[2006/03/23 16:09:10 | 00,000,033 | ---- | C] () -- C:\windows\LVMMail.INI
[2006/03/23 15:47:05 | 00,000,241 | ---- | C] () -- C:\windows\QSync.INI
[2006/03/21 18:42:28 | 00,000,016 | ---- | C] () -- C:\windows\RealityFusion.ini
[2006/03/20 20:24:07 | 00,000,000 | ---- | C] () -- C:\windows\muveeapp.INI
[2006/03/20 19:38:44 | 00,008,704 | ---- | C] () -- C:\windows\System32\CNMVS7K.DLL
[2006/03/20 19:37:44 | 00,000,532 | ---- | C] () -- C:\windows\MAXLINK.INI
[2006/03/19 19:43:03 | 00,000,617 | ---- | C] () -- C:\windows\SC2K4WIN.INI
[2006/03/19 16:12:46 | 00,294,912 | R--- | C] () -- C:\windows\System32\liplW7.dll
[2006/03/19 16:12:46 | 00,290,816 | R--- | C] () -- C:\windows\System32\liplA6.dll
[2006/03/19 16:12:46 | 00,278,528 | R--- | C] () -- C:\windows\System32\liplPX.dll
[2006/03/19 16:12:46 | 00,278,528 | R--- | C] () -- C:\windows\System32\liplP6.dll
[2006/03/19 16:12:46 | 00,278,528 | R--- | C] () -- C:\windows\System32\liplM6.dll
[2006/03/19 16:12:46 | 00,020,480 | R--- | C] () -- C:\windows\System32\lipl.dll
[2006/03/19 16:10:56 | 00,005,187 | R--- | C] () -- C:\windows\System32\lvcoinst.ini
[2006/03/19 15:26:56 | 00,056,320 | ---- | C] () -- C:\windows\System32\iyvu9_32.dll
[2006/03/19 03:33:36 | 00,000,810 | ---- | C] () -- C:\windows\Rtcw.INI
[2006/03/19 03:00:33 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2006/03/19 02:52:20 | 00,000,254 | ---- | C] () -- C:\windows\7THLEVEL.INI
[2006/03/09 15:29:00 | 01,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2006/03/09 15:29:00 | 01,474,560 | ---- | C] () -- C:\windows\System32\nview.dll
[2006/03/09 15:29:00 | 01,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2006/03/09 15:29:00 | 00,573,440 | ---- | C] () -- C:\windows\System32\nvhwvid.dll
[2006/03/09 15:29:00 | 00,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2006/03/09 15:29:00 | 00,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2004/11/24 15:25:52 | 00,335,872 | ---- | C] ( ) -- C:\windows\System32\drvc.dll
[2004/10/12 02:40:58 | 02,255,360 | ---- | C] () -- C:\windows\System32\libavcodec.dll
[2004/10/12 02:39:48 | 00,028,160 | ---- | C] () -- C:\windows\System32\ff_wmv9.dll
[2004/10/12 02:39:08 | 00,110,592 | ---- | C] () -- C:\windows\System32\ff_theora.dll
[2004/10/09 02:40:16 | 00,454,144 | ---- | C] () -- C:\windows\System32\ff_x264.dll
[2004/10/05 04:16:08 | 00,395,776 | ---- | C] () -- C:\windows\System32\libmplayer.dll
[2004/10/03 13:50:54 | 00,129,024 | ---- | C] () -- C:\windows\System32\ff_mpeg2enc.dll
[2004/08/04 08:00:00 | 00,022,528 | ---- | C] () -- C:\windows\System32\unsthel.dll
[2004/08/04 08:00:00 | 00,001,259 | ---- | C] () -- C:\windows\win.ini
[2004/08/04 08:00:00 | 00,000,261 | ---- | C] () -- C:\windows\system.ini
[2004/01/28 11:42:06 | 00,066,560 | ---- | C] () -- C:\windows\System32\atiyuv12.dll
[2004/01/28 11:42:06 | 00,013,601 | ---- | C] () -- C:\windows\System32\vctest.ini
[2002/01/01 21:43:06 | 00,037,888 | ---- | C] () -- C:\windows\System32\setupnt.dll
[2002/01/01 01:08:17 | 00,061,440 | ---- | C] () -- C:\windows\System32\vuins32.dll
[2002/01/01 01:04:15 | 00,016,546 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2002/01/01 01:04:15 | 00,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2002/01/01 01:04:11 | 00,005,824 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[1999/01/27 14:39:06 | 00,065,024 | ---- | C] () -- C:\windows\System32\indounin.dll

========== Files - Modified Within 30 Days ==========

[2 C:\windows\System32\drivers\*.tmp files]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/09/02 21:37:07 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/09/02 21:32:14 | 00,002,422 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/09/02 21:32:13 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/09/02 21:32:04 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/09/02 21:17:39 | 00,000,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\nuke.bat
[2009/09/02 21:16:49 | 00,006,611 | ---- | M] () -- C:\windows\System32\uacinit.dll
[2009/09/02 21:16:47 | 00,074,240 | ---- | M] () -- C:\windows\System32\UACjydmrxgafj.dll
[2009/09/02 12:00:00 | 00,000,278 | -H-- | M] () -- C:\windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/02 07:40:01 | 00,000,314 | ---- | M] () -- C:\windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/09/02 07:05:00 | 00,000,380 | ---- | M] () -- C:\windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/09/01 23:44:13 | 00,000,202 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/09/01 23:36:44 | 10,068,058 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/09/01 19:02:15 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ri5e0l31.exe
[2009/09/01 18:52:51 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avenger.zip
[2009/09/01 18:46:06 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe
[2009/08/30 00:00:57 | 00,034,816 | ---- | M] () -- C:\windows\System32\drivers\rootrepeal2.sys
[2009/08/29 23:29:27 | 00,472,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/08/29 23:13:44 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RSIT.exe
[2009/08/29 20:18:42 | 00,401,720 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis25.exe
[2009/08/29 20:17:04 | 00,401,720 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis69.exe
[2009/08/29 12:42:11 | 00,175,888 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\activescan2_en.exe
[2009/08/29 12:13:51 | 16,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/08/29 10:00:17 | 00,401,720 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2009/08/29 09:42:30 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF25094.exe
[2009/08/29 09:40:55 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF24783.exe
[2009/08/28 23:21:56 | 17,149,9520 | ---- | M] () -- C:\windows\MEMORY.DMP
[2009/08/28 07:01:58 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/08/28 06:51:14 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF4303.exe
[2009/08/28 06:49:35 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\CF3979.exe
[2009/08/28 03:45:40 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweakNow RegCleaner.lnk
[2009/08/28 03:00:03 | 00,000,000 | -H-- | M] () -- C:\windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/27 23:46:52 | 00,019,968 | ---- | M] () -- C:\windows\System32\UACcmwlgsgwos.dll
[2009/08/27 23:46:51 | 00,029,696 | ---- | M] () -- C:\windows\System32\UACuthwbxspac.dll
[2009/08/27 23:46:50 | 01,390,820 | ---- | M] () -- C:\windows\System32\UACilqdrubvqe.db
[2009/08/27 23:46:38 | 00,000,174 | ---- | M] () -- C:\windows\System32\UACqbbmqeexgn.dat
[2009/08/27 23:46:14 | 00,026,624 | ---- | M] () -- C:\windows\System32\UACwtkdtudjhn.dll
[2009/08/27 21:10:03 | 00,325,214 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.bak
[2009/08/27 21:10:03 | 00,325,214 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2009/08/27 21:03:50 | 00,325,214 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090827-211003.backup
[2009/08/27 20:39:37 | 00,001,891 | ---- | M] () -- C:\windows\WININIT.INI
[2009/08/26 23:44:04 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/08/26 21:40:00 | 00,325,214 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090827-210350.backup
[2009/08/26 09:01:22 | 00,325,214 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090826-214000.backup
[2009/08/25 21:52:23 | 00,323,530 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090826-090122.backup
[2009/08/25 10:27:15 | 00,323,530 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090825-215223.backup
[2009/08/24 21:59:13 | 00,323,530 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090825-102715.backup
[2009/08/23 20:38:52 | 00,323,530 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090824-215913.backup
[2009/08/23 15:03:18 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\windows\PEV.exe
[2009/08/23 00:49:16 | 00,323,530 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090823-203852.backup
[2009/08/22 17:27:09 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/22 01:12:55 | 00,323,530 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090823-004915.backup
[2009/08/22 00:13:47 | 00,001,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk
[2009/08/20 08:28:51 | 00,323,530 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090822-011255.backup
[2009/08/18 20:48:59 | 00,320,788 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090820-082851.backup
[2009/08/18 09:56:13 | 00,320,788 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090818-204859.backup
[2009/08/17 21:32:56 | 00,320,788 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090818-095613.backup
[2009/08/17 06:59:14 | 00,000,261 | ---- | M] () -- C:\windows\system.ini
[2009/08/16 20:24:43 | 00,320,788 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090817-213256.backup
[2009/08/15 19:10:08 | 00,320,788 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20090816-202443.backup
[2009/08/12 11:12:47 | 00,000,023 | ---- | M] () -- C:\windows\BlendSettings.ini
[2009/08/11 18:47:11 | 00,000,617 | ---- | M] () -- C:\windows\SC2K4WIN.INI
[2009/08/11 17:18:54 | 00,000,000 | ---- | M] () -- C:\boot.ini
[2009/08/08 07:18:41 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2009/08/08 07:11:43 | 00,063,872 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/08 06:14:15 | 01,546,928 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2009/08/08 02:05:59 | 00,501,230 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/08/08 02:05:59 | 00,441,124 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/08/08 02:05:59 | 00,071,060 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mswebdvd.dll
[2009/08/05 05:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mswebdvd.dll

========== LOP Check ==========

[2006/03/19 19:05:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/07/27 23:37:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/12 00:25:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/16 00:04:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/10/05 17:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/07/10 16:27:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI MMC
[2009/06/30 18:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/03/20 19:38:46 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2006/09/17 20:03:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/02/26 08:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/02/26 07:52:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/10/21 23:24:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2008/09/04 15:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/03/01 09:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit Canada
[2008/10/21 23:28:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2006/03/19 20:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/02/18 20:00:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/03/24 18:49:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/11/27 21:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiComponents
[2009/01/26 06:49:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2006/03/20 19:37:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/03/20 19:37:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/07/10 16:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2007/10/14 09:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009/02/16 14:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/01 09:16:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/06/30 22:20:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/03/19 19:05:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009/07/09 16:52:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2008/11/17 23:15:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
[2008/11/20 00:44:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2008/11/20 00:44:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\agi
[2009/08/28 03:45:38 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data
[2002/01/01 21:48:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis
[2007/10/22 21:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2008/09/10 20:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2008/11/20 06:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ATI MMC
[2009/07/10 23:57:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/08/26 22:11:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2008/09/22 19:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2008/05/25 10:24:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Clickteam
[2007/08/09 09:06:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Command & Conquer 3 Tiberium Wars
[2007/05/26 20:12:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Disney Interactive Studios
[2009/02/25 02:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Download Manager
[2008/09/28 19:32:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FUJIFILM
[2009/02/16 10:09:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Graboid Inc
[2001/12/31 14:23:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Grisoft
[2008/03/13 23:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/03/01 09:48:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Intuit Canada
[2009/07/09 00:57:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2006/03/19 21:48:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/09/12 19:06:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LG Electronics
[2009/08/09 12:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/08/07 22:02:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Logs
[2009/07/10 00:09:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Messenger
[2006/04/02 19:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2008/08/06 10:49:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2008/02/06 20:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2008/08/22 17:24:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2006/03/20 19:37:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2007/05/26 20:12:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data\SecuROM
[2008/09/12 18:55:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2009/02/19 21:36:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SPORE
[2007/10/14 09:14:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Teleca
[2009/08/28 03:45:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TweakNow RegCleaner
[2008/09/04 16:13:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2009/08/28 03:23:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2002/01/02 19:34:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2009/08/26 23:44:04 | 00,000,284 | ---- | M] () -- C:\windows\Tasks\AppleSoftwareUpdate.job
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
[2009/09/02 21:32:13 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT
[2009/09/02 07:05:00 | 00,000,380 | ---- | M] () -- C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/09/02 07:40:01 | 00,000,314 | ---- | M] () -- C:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/08/28 03:00:03 | 00,000,000 | -H-- | M] () -- C:\windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/02 12:00:00 | 00,000,278 | -H-- | M] () -- C:\windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


HERE IS THE EXTRAS.TXT

OTL Extras logfile created on: 02/09/2009 9:37:49 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1023.29 Mb Total Physical Memory | 590.96 Mb Available Physical Memory | 57.75% Memory free
3.91 Gb Paging File | 3.62 Gb Available in Paging File | 92.76% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 59.66 Gb Free Space | 25.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-B7538C8835
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:msmsgs -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\DreamCatcher\Painkiller Overdose\Bin\Overdose.exe" = C:\Program Files\DreamCatcher\Painkiller Overdose\Bin\Overdose.exe:*:Enabled:Painkiller Overdose -- (Mindware Studios)
"C:\Program Files\DreamCatcher\Painkiller Overdose\Bin\OverdoseEditor.exe" = C:\Program Files\DreamCatcher\Painkiller Overdose\Bin\OverdoseEditor.exe:*:Enabled:Painkiller Overdose Editor -- (Mindware Studios)
"C:\Program Files\DreamCatcher\Painkiller Overdose\Bin\OverdoseServer.exe" = C:\Program Files\DreamCatcher\Painkiller Overdose\Bin\OverdoseServer.exe:*:Enabled:Painkiller Overdose Console Server -- (Mindware Studios)
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe" = C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\ADS Tech\MediaTV 3\MediaTV.exe" = C:\Program Files\ADS Tech\MediaTV 3\MediaTV.exe:LocalSubNet:Enabled:ADS Tech MediaTV 3 -- (ADS Corp.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe" = C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars™ -- (Splash Damage, Ltd.)
"C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe" = C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:*:Enabled:etqwded.exe -- (Splash Damage, Ltd.)
"C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe" = C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Disabled:SplinterCell4 -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}" = HP Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7299E7F8-6921-4588-9A83-9BB7B867706F}" = MAX-FX Tools
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CFC7570-DD90-486E-A239-E31D455BDE93}" = Microsoft LifeCam
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{90AB0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{94F3D243-2006-4B2D-9160-C2A33F74BB84}" = Windows Media Center Edition MPEG Codec Plug-in
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A19679-4C07-4B34-8ACB-D5565C3440FC}" = Stronghold
"{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1" = Cryostasis (Remove Only)
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}" = Prey
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars™
"{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}" = Condemned - Criminal Origins
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5ADA65A-7828-4D85-B071-ECC52B51F794}" = Sony Ericsson PC Suite 1.20.173
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CACE3FCE-4906-47CC-9873-BFC4E5943C12}" = ADS Tech MediaTV 3
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E0303B6A-C675-4102-95DA-C013625BFA99}" = GTA San Andreas
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E47BA573-BBC4-40C1-8A7D-B25F2F2B0DAE}" = Far Cry (Patch 1.32)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6882759-2522-4744-A117-615651ADE66F}" = TitanTV Client components for ATI
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}" = QuickTax 2006
"Action Replay Code Manager_is1" = Action Replay Code Manager
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Electronic Arts Game Updater" = Electronic Arts Game Updater
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.1
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® XP Software" = Indeo® XP Software
"InstallShield_{3CBA0E30-6F54-47EF-910E-1D4D450AFE45}" = ATI Multimedia Center 9.13
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"InstallShield_{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars™
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"LimeWire" = LimeWire 5.1.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSN Toolbar" = MSN Toolbar
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Painkiller Overdose_is1" = Painkiller Overdose build 75 (NA)
"PhotoShow Express 4" = PhotoShow Express 4
"Picasa 3" = Picasa 3
"Quake III Arena" = Quake III Arena
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ToolBox" = NCH Toolbox
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Vuze" = Vuze
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-796845957-602609370-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Messenger Update" = Messenger Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/08/2009 2:23:26 AM | Computer Name = HOME-B7538C8835 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 28/08/2009 2:50:28 AM | Computer Name = HOME-B7538C8835 | Source = Application Error | ID = 1000
Description = Faulting application msconfig.exe, version 5.1.2600.5512, faulting
module mfc42u.dll, version 6.2.8071.0, fault address 0x000040bc.

Error - 29/08/2009 12:38:01 PM | Computer Name = HOME-B7538C8835 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module 3cae0f5a.x86.dll, version 0.0.0.0, fault address 0x00004182.

Error - 29/08/2009 12:38:06 PM | Computer Name = HOME-B7538C8835 | Source = Application Error | ID = 1001
Description = Fault bucket 1437328230.

Error - 29/08/2009 8:30:22 PM | Computer Name = HOME-B7538C8835 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module a050e966.x86.dll, version 0.0.0.0, fault address 0x00004182.

Error - 29/08/2009 9:08:52 PM | Computer Name = HOME-B7538C8835 | Source = Application Error | ID = 1000
Description = Faulting application smitfraudfix.exe, version 0.0.0.0, faulting module
smitfraudfix.exe, version 0.0.0.0, fault address 0x00001000.

Error - 29/08/2009 9:09:05 PM | Computer Name = HOME-B7538C8835 | Source = Application Error | ID = 1000
Description = Faulting application smitfraudfix.exe, version 0.0.0.0, faulting module
smitfraudfix.exe, version 0.0.0.0, fault address 0x00001000.

Error - 29/08/2009 9:12:47 PM | Computer Name = HOME-B7538C8835 | Source = Application Error | ID = 1000
Description = Faulting application smitfraudfix.exe, version 0.0.0.0, faulting module
smitfraudfix.exe, version 0.0.0.0, fault address 0x00001000.

Error - 30/08/2009 9:56:56 AM | Computer Name = HOME-B7538C8835 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00d53973.

Error - 02/09/2009 9:14:39 PM | Computer Name = HOME-B7538C8835 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00d73973.

[ System Events ]
Error - 02/09/2009 9:21:14 PM | Computer Name = HOME-B7538C8835 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\windows\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 02/09/2009 9:21:14 PM | Computer Name = HOME-B7538C8835 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\windows\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 02/09/2009 9:22:10 PM | Computer Name = HOME-B7538C8835 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 02/09/2009 9:32:14 PM | Computer Name = HOME-B7538C8835 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\windows\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 02/09/2009 9:32:14 PM | Computer Name = HOME-B7538C8835 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\windows\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 02/09/2009 9:32:16 PM | Computer Name = HOME-B7538C8835 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\windows\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 02/09/2009 9:32:16 PM | Computer Name = HOME-B7538C8835 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\windows\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 02/09/2009 9:32:37 PM | Computer Name = HOME-B7538C8835 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\windows\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 02/09/2009 9:32:37 PM | Computer Name = HOME-B7538C8835 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\windows\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 02/09/2009 9:33:34 PM | Computer Name = HOME-B7538C8835 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126


< End of report >


As for wondering how my computer is running now... I will reboot after posting and let you know if anything weird happens by the morning (like that voice coming out of my screen and stalking me, The Grudge style!!!)

Thank you ~t

Laura


***Morning update****

No voices, but I tried navigating from this site and just doing a search in Google and BAM... I got redirected several times!! This is a NEW problem.

Edited by lola69, 03 September 2009 - 06:15 AM.


#15 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:08:13 AM

Posted 03 September 2009 - 09:34 AM

Hi there,
Thanks for the update.
You are still infected. We still have a lot of work to do. Let me review those logs and your instructions will be forthcoming.
Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



