Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

originally infected with Total Security 2009, removed it but still having things go crazy on me?


  • This topic is locked This topic is locked
16 replies to this topic

#1 emopants92

emopants92

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 05 October 2009 - 11:16 PM

Ok about 2 weeks ago i was infected with the Total Security 2009 malware, and updated version of the Total Security. Well it infected giving me the bogus total security program coming up, changing my desktop background saying im infected,etc. This is the link to my previous topic that i got help with to run a log, it has more info on whats going on (http://www.bleepingcomputer.com/forums/index.php?showtopic=261376&st=0&gopid=1448207&#entry1448207 ) I ran Win32kdiag.exe and here is the log below

Running from: C:Documents and SettingsSparklesDesktopWin32kDiag.exe

Log file at : C:Documents and SettingsSparklesDesktopWin32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:WINDOWS'...



Found mount point : C:WINDOWS$hf_mig$KB915865KB915865

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages_v2.0.50727_32TempZAP74E.tmpZAP74E.tmp

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYNativeImages_v2.0.50727_32TempZAP8DF.tmpZAP8DF.tmp

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSASSEMBLYTMPTMP

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSConfigConfig

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSConnection WizardConnection Wizard

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSDebugUserModeUserMode

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSHelpSBSITrainingWXPPerCbzCbz

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSHelpSBSITrainingWXPPerLibLib

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSHelpSBSITrainingWXPPerWaveWave

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSIMECHSIMEAPPLETSAPPLETS

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSIMECHTIMEAppletsApplets

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSIMEIMEJPAPPLETSAPPLETS

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSIMEIMEJP98IMEJP98

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSIMEIMJP8_1APPLETSAPPLETS

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSIMEIMKR6_1APPLETSAPPLETS

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSIMEIMKR6_1DICTSDICTS

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSIMESHAREDRESRES

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$Managed00002109411090400000000000F01FEC12.0.451812.0.4518

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$Managed00002109440090400000000000F01FEC12.0.451812.0.4518

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$Managed00002109511090400000000000F01FEC12.0.451812.0.4518

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$Managed00002109711090400000000000F01FEC12.0.451812.0.4518

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$Managed00002109910090400000000000F01FEC12.0.451812.0.4518

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$Managed00002109B10090400000000000F01FEC12.0.451812.0.4518

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$Managed00002109F100A0C00000000000F01FEC12.0.451812.0.4518

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$Managed00002109F100C0400000000000F01FEC12.0.451812.0.4518

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$Managed0DC1503A46F231838AD88BCDDC8E8F7C3.2.307293.2.30729

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSInstaller$PatchCache$ManagedDC3BF90CC0D3D2F398A9A6D1762F70F32.2.307292.2.30729

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSJAVACLASSESCLASSES

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSJAVATRUSTLIBTRUSTLIB

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Temporary ASP.NET FilesBind LogsBind Logs

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET FilesTemporary ASP.NET Files

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSMSAPPSMSINFOMSINFO

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSmsdownld.tmpmsdownld.tmp

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSMUIMUI

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHERRORREPQHEADLESQHEADLES

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHERRORREPQSIGNOFFQSIGNOFF

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHHELPCTRBATCHBATCH

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHHELPCTRConfigCheckPointCheckPoint

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHHELPCTRHelpFilesHelpFiles

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHHELPCTRInstalledSKUsInstalledSKUs

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHHELPCTRSystemDFSDFS

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSPCHEALTHHELPCTRTempTemp

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSRegistrationCRMLogCRMLog

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSSoftwareDistributionAuthCabsDownloadedDownloaded

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSSunJavaDeploymentDeployment

Mount point destination : Device__max++>^

Found mount point : C:WINDOWSSxsCaPendDelSxsCaPendDel

Mount point destination : Device__max++>^

Cannot access: C:WINDOWSSYSTEM32CONFIGsystemprofileLocal SettingsTemporary Internet FilesContent.IE58NU7KD2XCobalt_728x90[1].jpg

[1] 2009-09-21 01:02:55 18217 C:WINDOWSSYSTEM32CONFIGsystemprofileLocal SettingsTemporary Internet FilesContent.IE58NU7KD2XCobalt_728x90[1].jpg ()



Cannot access: C:WINDOWSSYSTEM32CONFIGsystemprofileLocal SettingsTemporary Internet FilesContent.IE58NU7KD2Xfooter_bg[1].gif

[1] 2009-09-21 01:02:55 280 C:WINDOWSSYSTEM32CONFIGsystemprofileLocal SettingsTemporary Internet FilesContent.IE58NU7KD2Xfooter_bg[1].gif ()



Cannot access: C:WINDOWSSYSTEM32CONFIGsystemprofileLocal SettingsTemporary Internet FilesContent.IE5Q9C2FLO0ad_js[1].htm

[1] 2009-09-21 01:02:54 71 C:WINDOWSSYSTEM32CONFIGsystemprofileLocal SettingsTemporary Internet FilesContent.IE5Q9C2FLO0ad_js[1].htm ()



Cannot access: C:WINDOWSSYSTEM32CONFIGsystemprofileLocal SettingsTemporary Internet FilesContent.IE5Q9C2FLO0logo[1].jpg

[1] 2009-09-21 01:02:54 26369 C:WINDOWSSYSTEM32CONFIGsystemprofileLocal SettingsTemporary Internet FilesContent.IE5Q9C2FLO0logo[1].jpg ()

still need help and i turned my computer on today and found now i have windows police pro starting up, but cant run malewarebyets to get rid of it

ive done some reading up and it looks like im infected with something called Win32k? so anyhelp would be good

Edited by boopme, 13 October 2009 - 07:20 PM.


BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:17 PM

Posted 15 October 2009 - 12:56 PM

Hi,

Looks like you didn't let win32kdiag run long enough. Please run it again and this time give some more time for it to finish.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 16 October 2009 - 08:41 AM

Running from: C:\Documents and Settings\Sparkles\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Sparkles\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB969059\KB969059

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971486\KB971486

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB973525\KB973525

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB974112\KB974112

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB974455-IE8\KB974455-IE8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB974571\KB974571

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB975025\KB975025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB975467\KB975467

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP2D3.tmp\ZAP2D3.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP74E.tmp\ZAP74E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP8DF.tmp\ZAP8DF.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\TEMP\TEMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\CHSIME\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMJP8_1\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMKR6_1\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\SHARED\RES\RES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\JAVA\CLASSES\CLASSES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\MUI\MUI

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe

[1] 2004-11-30 15:46:38 654848 C:\WINDOWS\$hf_mig$\KB867282\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe ()



Cannot access: C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe

[1] 2004-11-30 15:46:38 654848 C:\WINDOWS\$hf_mig$\KB867282\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe ()



Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe

[1] 2004-11-30 15:46:38 654848 C:\WINDOWS\$hf_mig$\KB867282\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe ()



Cannot access: C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe

[1] 2004-11-30 15:46:38 654848 C:\WINDOWS\$hf_mig$\KB867282\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe ()



Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe

[1] 2004-11-30 15:46:38 654848 C:\WINDOWS\$hf_mig$\KB867282\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe ()



Cannot access: C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe

[1] 2004-11-30 15:46:38 654848 C:\WINDOWS\$hf_mig$\KB867282\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe ()



Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe

[1] 2004-11-30 15:46:38 654848 C:\WINDOWS\$hf_mig$\KB867282\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe ()



Cannot access: C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe

[1] 2004-11-30 15:46:38 654848 C:\WINDOWS\$hf_mig$\KB867282\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe ()



Cannot access: C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe

[1] 2004-11-30 15:46:38 654848 C:\WINDOWS\$hf_mig$\KB867282\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe ()

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe ()

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe ()

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe ()

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe ()

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe ()



Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8NU7KD2X\Cobalt_728x90[1].jpg

[1] 2009-09-21 01:02:55 18217 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8NU7KD2X\Cobalt_728x90[1].jpg ()



Cannot access: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8NU7KD2X\footer_bg[1].gif

[1] 2009-09-21 01:02:55 280 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8NU7KD2X\footer_bg[1].gif ()



Cannot access: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q9C2FLO0\ad_js[1].htm

[1] 2009-09-21 01:02:54 71 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q9C2FLO0\ad_js[1].htm ()



Cannot access: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q9C2FLO0\logo[1].jpg

[1] 2009-09-21 01:02:54 26369 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q9C2FLO0\logo[1].jpg ()



Cannot access: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WP8TKDI5\header_bg[1].gif

[1] 2009-09-21 01:02:55 57 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WP8TKDI5\header_bg[1].gif ()



Cannot access: C:\WINDOWS\SYSTEM32\dumprep.exe

[1] 2004-08-04 03:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:18 10752 C:\WINDOWS\SYSTEM32\dumprep.exe ()

[1] 2008-04-13 17:12:18 10752 C:\i386\dumprep.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\SYSTEM32\eventlog.dll

[1] 2004-08-04 03:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 61952 C:\WINDOWS\SYSTEM32\eventlog.dll ()

[2] 2008-04-13 17:11:53 56320 C:\WINDOWS\SYSTEM32\logevent.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 C:\i386\eventlog.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\SYSTEM32\MRT.exe

[1] 2009-10-02 11:01:57 25198016 C:\WINDOWS\SYSTEM32\MRT.exe ()



Found mount point : C:\WINDOWS\Temp\History\Results\Results

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\hsperfdata_SYSTEM\hsperfdata_SYSTEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\_avast4_\_avast4_

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:17 PM

Posted 16 October 2009 - 12:23 PM

Hi,
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Files to move:
    C:\WINDOWS\SYSTEM32\logevent.dll|C:\WINDOWS\SYSTEM32\eventlog.dll
  • In the avenger window, click the Paste Script from Clipboard, Posted Image button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 17 October 2009 - 05:14 PM

Running from: C:\Documents and Settings\Sparkles\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Sparkles\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Found mount point : C:\WINDOWS\$hf_mig$\KB969059\KB969059

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB969059\KB969059

Found mount point : C:\WINDOWS\$hf_mig$\KB971486\KB971486

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971486\KB971486

Found mount point : C:\WINDOWS\$hf_mig$\KB973525\KB973525

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB973525\KB973525

Found mount point : C:\WINDOWS\$hf_mig$\KB974112\KB974112

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB974112\KB974112

Found mount point : C:\WINDOWS\$hf_mig$\KB974455-IE8\KB974455-IE8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB974455-IE8\KB974455-IE8

Found mount point : C:\WINDOWS\$hf_mig$\KB974571\KB974571

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB974571\KB974571

Found mount point : C:\WINDOWS\$hf_mig$\KB975025\KB975025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB975025\KB975025

Found mount point : C:\WINDOWS\$hf_mig$\KB975467\KB975467

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB975467\KB975467

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP2C.tmp\ZAP2C.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP2C.tmp\ZAP2C.tmp

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP2D3.tmp\ZAP2D3.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP2D3.tmp\ZAP2D3.tmp

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP74E.tmp\ZAP74E.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP74E.tmp\ZAP74E.tmp

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP8DF.tmp\ZAP8DF.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP8DF.tmp\ZAP8DF.tmp

Found mount point : C:\WINDOWS\ASSEMBLY\TEMP\TEMP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\TEMP\TEMP

Found mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Found mount point : C:\WINDOWS\IME\CHSIME\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\CHSIME\APPLETS\APPLETS

Found mount point : C:\WINDOWS\IME\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS

Found mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98

Found mount point : C:\WINDOWS\IME\IMJP8_1\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMJP8_1\APPLETS\APPLETS

Found mount point : C:\WINDOWS\IME\IMKR6_1\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMKR6_1\APPLETS\APPLETS

Found mount point : C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS

Found mount point : C:\WINDOWS\IME\SHARED\RES\RES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\SHARED\RES\RES

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\JAVA\CLASSES\CLASSES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\JAVA\CLASSES\CLASSES

Found mount point : C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\MUI\MUI

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\MUI\MUI

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\71668abe67b6d77ebac6750f25908a6e\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\9e56f14e7203556d1448d8e8d058de0f\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\e15760431e46367ca5a3dfd40a9d03e3\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\update\update.exe

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Cannot access: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8NU7KD2X\Cobalt_728x90[1].jpg

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8NU7KD2X\Cobalt_728x90[1].jpg

[1] 2009-09-21 01:02:55 18217 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8NU7KD2X\Cobalt_728x90[1].jpg ()



Cannot access: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8NU7KD2X\footer_bg[1].gif

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8NU7KD2X\footer_bg[1].gif

[1] 2009-09-21 01:02:55 280 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8NU7KD2X\footer_bg[1].gif ()



Cannot access: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q9C2FLO0\ad_js[1].htm

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q9C2FLO0\ad_js[1].htm

[1] 2009-09-21 01:02:54 71 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q9C2FLO0\ad_js[1].htm ()



Cannot access: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q9C2FLO0\logo[1].jpg

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q9C2FLO0\logo[1].jpg

[1] 2009-09-21 01:02:54 26369 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q9C2FLO0\logo[1].jpg ()



Cannot access: C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WP8TKDI5\header_bg[1].gif

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WP8TKDI5\header_bg[1].gif

[1] 2009-09-21 01:02:55 57 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WP8TKDI5\header_bg[1].gif ()



Cannot access: C:\WINDOWS\SYSTEM32\dumprep.exe

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\dumprep.exe

Cannot access: C:\WINDOWS\SYSTEM32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\MRT.exe

Found mount point : C:\WINDOWS\Temp\History\Results\Results

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\History\Results\Results

Found mount point : C:\WINDOWS\Temp\hsperfdata_SYSTEM\hsperfdata_SYSTEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\hsperfdata_SYSTEM\hsperfdata_SYSTEM

Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\RtSigs\Data\Data

Found mount point : C:\WINDOWS\Temp\_avast4_\_avast4_

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\_avast4_\_avast4_

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



Finished!




//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\SYSTEM32\logevent.dll|C:\WINDOWS\SYSTEM32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:17 PM

Posted 18 October 2009 - 04:06 AM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 18 October 2009 - 01:07 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/13/2008 8:24:29 PM
System Uptime: 10/18/2009 9:10:02 AM (2 hours ago)

Motherboard: Dell Computer Corp. | | 0K8980
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 34 GiB total, 0.924 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
2Wire Wireless Client
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ATT-HSI
ATT-PRT22
avast! Antivirus
AviSynth 2.5
Bonjour
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
Critical Update for Windows Media Player 11 (KB959772)
Deer Hunt 3D
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Digital Voice Editor 3
Disney Pirates of the Caribbean Online
FastStone Image Viewer 3.7
Glary Utilities 2.13.0.689
GOM Player
Google Updater
Halloween 3 Screensaver
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hurchalla Maple VMidi Cable v3.56
ImgBurn
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 15
Java™ 6 Update 7
Learn2 Player (Uninstall Only)
Lemonade Tycoon 2
Lexmark 3600-4600 Series
Lexmark Toolbar
Lexmark Tools for Office
Macromedia Flash Player
Malwarebytes' Anti-Malware
Max Runtime 5.0.5
MediaMonkey 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Xbox 360 Accessories 1.1
Mozilla Firefox (3.0.14)
MSXML 4.0 SP2 (KB954430)
Nero 7 Ultra Edition
neroxml
Panda ActiveScan 2.0
PDF Settings
PeerGuardian 2.0
picture-shark 1.0
PokerStars.net
PosteRazor
PowerISO
QuickTime
RealPlayer
Replay AV 8
Replay Converter 2.8
Safari
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
snapter
Sophos Anti-Rootkit 1.5.0
Spybot - Search & Destroy
Spyware Doctor 6.1
System Requirements Lab
TimeTrek
Uniblue RegistryBooster 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (KB974810)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WD Diagnostics
WebFldrs XP
WinAlarm (remove only)
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
YouSendIt Application Plug-in SDK
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

10/13/2009 8:48:48 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
10/13/2009 2:04:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/13/2009 2:04:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SCDEmu Tcpip
10/13/2009 2:04:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
10/13/2009 2:04:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 2:04:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 2:04:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 2:04:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 2:04:00 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 2:04:00 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2009 2:04:00 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/13/2009 2:03:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/13/2009 1:04:05 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Mozilla Firefox\crashreporter.exe. Reference error message: The operation completed successfully. .
10/12/2009 5:18:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
10/12/2009 5:18:22 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 5:18:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WDefend service to connect.
10/12/2009 5:18:15 PM, error: Service Control Manager [7000] - The WDefend service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2009 11:54:13 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
10/12/2009 11:54:13 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/11/2009 11:05:19 PM, error: DCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%8" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

==== End Of File ===========================




DDS (Ver_09-09-29.01) - NTFSx86
Run by Sparkles at 11:03:33.37 on Sun 10/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.147 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 091017-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\FastNetSrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\DOCUME~1\Sparkles\LOCALS~1\Temp\notepad.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Sparkles\LOCALS~1\Temp\gqlbij3u.tmp\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: c:\windows\system32\ygsuhdf83id.dll: {ba603215-23f2-42ad-f4e4-00aac39caa53} - c:\windows\system32\ygsuhdf83id.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Yjafosi8kdf98winmdkmnkmfnwe] c:\docume~1\sparkles\locals~1\temp\notepad.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [calc] rundll32.exe c:\docume~1\sparkles\ntuser.dll,_IWMPEvents@0
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [Orotetaco] rundll32.exe "c:\windows\ecavukubon.dll",Startup
dRun: [PopRock] c:\windows\temp\b.exe
dRun: [Login Software 2009] c:\windows\temp\zkf0s.exe
dRun: [WIndows Rescue Disk] c:\windows\temp\smss.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [calc] rundll32.exe c:\docume~1\networ~1\ntuser.dll,_IWMPEvents@0
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1238715765218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\ygsuhdf83id.dll: {ba603215-23f2-42ad-f4e4-00aac39caa53} - c:\windows\system32\ygsuhdf83id.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
LSA: Notification Packages = scecli eser132.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sparkles\applic~1\mozilla\firefox\profiles\a6jtm0oz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\sparkles\application data\mozilla\firefox\profiles\a6jtm0oz.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\sparkles\application data\mozilla\firefox\profiles\a6jtm0oz.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {99E995A6-D554-4320-9829-8188EB868B59} - c:\documents and settings\sparkles\local settings\application data\{99E995A6-D554-4320-9829-8188EB868B59}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-25 206256]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-22 114768]
R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2008-12-23 24720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-22 138680]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2004-8-4 94720]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-22 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-22 352920]
S2 WDefend;WDefend;c:\windows\svohost.exe [2009-10-9 333312]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2009-8-8 11264]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp --> c:\windows\system32\11.tmp [?]
S3 mfsdisk;mfsdisk;c:\windows\system32\mfsdisk.sys [2004-8-4 2304]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-25 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-25 1097096]

=============== Created Last 30 ================

2009-10-17 10:36 0 a------- c:\windows\Gminuzi.bin
2009-10-17 10:36 120 a------- c:\windows\Sxoqokidu.dat
2009-10-13 16:03 <DIR> --d----- c:\windows\pss
2009-10-12 17:21 4 a------- c:\windows\system32\bincd32.dat
2009-10-09 09:01 <DIR> --d----- c:\windows\system32\schtml
2009-10-09 08:57 333,312 a------- c:\windows\svohost.exe
2009-10-09 08:57 58 a------- c:\windows\wp4.dat
2009-10-09 08:57 3 a------- c:\windows\wp3.dat
2009-10-09 08:57 654,336 a------- c:\windows\system32\plugie.dll
2009-10-09 08:57 9 a------- c:\windows\system32\nuar.old
2009-10-09 08:57 556,032 a------- c:\windows\system32\pump.exe
2009-10-09 08:57 <DIR> --d----- c:\program files\Windows Police Pro
2009-10-04 02:49 0 a------- c:\documents and settings\sparkles\settings.dat
2009-10-03 10:58 <DIR> --d----- c:\program files\Sophos
2009-10-03 10:52 <DIR> --dsh--- c:\documents and settings\sparkles\IECompatCache
2009-09-30 21:26 <DIR> --d----- c:\program files\Panda Security
2009-09-30 19:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 19:10 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-30 19:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 18:13 152,894,674 a------- C:\regbackup.reg
2009-09-30 15:00 <DIR> --d----- c:\program files\Uniblue
2009-09-26 12:25 <DIR> --d----- c:\docume~1\sparkles\applic~1\Uniblue
2009-09-26 01:59 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-25 15:40 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-25 15:40 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-25 15:40 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-25 15:40 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-25 15:40 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-25 15:40 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-25 15:40 <DIR> --d----- c:\docume~1\sparkles\applic~1\PC Tools
2009-09-25 15:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-23 15:45 0 a------- c:\windows\system32\41.exe
2009-09-23 15:44 528,384 a------- c:\windows\system32\AVR09.exe
2009-09-23 15:44 15,000 a------- c:\windows\system32\ygsuhdf83id.dll
2009-09-22 20:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\10351564
2009-09-22 20:51 0 a------- c:\windows\win32k.sys
2009-09-21 05:29 987 a------- c:\windows\wininit.ini
2009-09-20 23:54 204 a------- c:\windows\system32\MQ32TMP.bat.bat

==================== Find3M ====================

2009-09-11 07:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 07:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 14:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 14:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-09-01 12:25 67,288 a---h--- c:\windows\system32\mlfcache.dat
2009-08-28 03:35 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 01:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 01:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 08:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 07:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 07:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 07:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2007-03-09 00:12 27,648 a--sh--- c:\windows\system32\AVSredirect.dll

============= FINISH: 11:05:30.50 ===============

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:17 PM

Posted 18 October 2009 - 01:25 PM

Hi,

It's recommended to uninstall P2P file sharing software (uTorrent at least) you have there. P2P downloads is nowadays one of the major infection sources.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#9 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 18 October 2009 - 07:36 PM

okay here are the two logs, my only question is that i keep getting a ballon on my taskbar saying _________ file corrupt run chkdsk utility, should i run the chkdsk?

ComboFix 09-10-17.01 - Sparkles 10/18/2009 16:48.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.421 [GMT -7:00]
Running from: c:\documents and settings\Sparkles\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091018-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Sparkles\LOCALS~1\Temp\csrss.exe
c:\docume~1\Sparkles\LOCALS~1\Temp\lsass.exe
c:\docume~1\Sparkles\LOCALS~1\Temp\services.exe
c:\docume~1\Sparkles\LOCALS~1\Temp\svchost.exe
c:\docume~1\Sparkles\LOCALS~1\Temp\taskmgr.exe
c:\docume~1\Sparkles\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\All Users\Application Data\96351556.ini
c:\documents and settings\LocalService\ntuser.dll
c:\documents and settings\NetworkService\ntuser.dll
c:\documents and settings\Sparkles\ntuser.dll
c:\documents and settings\Sparkles\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Sparkles\Start Menu\Programs\Startup\scandisk.lnk
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\Windows Police Pro.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\ecavukubon.dll
c:\windows\Installer\10e96893.msp
c:\windows\svohost.exe
c:\windows\system32\3089746937.dat
c:\windows\SYSTEM32\41.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\bincd32.dat
c:\windows\system32\calc.dll
c:\windows\system32\config\systemprofile\ntuser.dll
c:\windows\system32\drivers\gasfkytufjrjel.sys
c:\windows\system32\drivers\gasfkyxvbrsbft.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\gasfkyapkllsvm.dll
c:\windows\system32\gasfkycbiwulkr.dll
c:\windows\system32\gasfkyenxmsbft.dll
c:\windows\system32\gasfkyirprvjqf.dat
c:\windows\system32\gasfkylaplivwr.dll
c:\windows\system32\gasfkypjwipoqg.dll
c:\windows\system32\gasfkypxihkwsd.dat
c:\windows\system32\gasfkypylkjobf.dll
c:\windows\system32\gasfkywyrbqerl.dll
c:\windows\system32\Install.txt
c:\windows\system32\nuar.old
c:\windows\system32\Packet.dll
c:\windows\system32\plUGie.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\pump.exe
c:\windows\system32\schtml
c:\windows\system32\schtml\dbsinit.exe
c:\windows\system32\schtml\images\i1.gif
c:\windows\system32\schtml\images\i2.gif
c:\windows\system32\schtml\images\i3.gif
c:\windows\system32\schtml\images\j1.gif
c:\windows\system32\schtml\images\j2.gif
c:\windows\system32\schtml\images\j3.gif
c:\windows\system32\schtml\images\jj1.gif
c:\windows\system32\schtml\images\jj2.gif
c:\windows\system32\schtml\images\jj3.gif
c:\windows\system32\schtml\images\l1.gif
c:\windows\system32\schtml\images\l2.gif
c:\windows\system32\schtml\images\l3.gif
c:\windows\system32\schtml\images\pix.gif
c:\windows\system32\schtml\images\t1.gif
c:\windows\system32\schtml\images\t2.gif
c:\windows\system32\schtml\images\up1.gif
c:\windows\system32\schtml\images\up2.gif
c:\windows\system32\schtml\images\w1.gif
c:\windows\system32\schtml\images\w11.gif
c:\windows\system32\schtml\images\w2.gif
c:\windows\system32\schtml\images\w3.gif
c:\windows\system32\schtml\images\w3.jpg
c:\windows\system32\schtml\images\word.doc
c:\windows\system32\schtml\images\wt1.gif
c:\windows\system32\schtml\images\wt2.gif
c:\windows\system32\schtml\images\wt3.gif
c:\windows\system32\schtml\wispex.html
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\ygSUhdf83id.dll
c:\windows\TEMP\mta13187.dll
c:\windows\TEMP\t4m0_121857793162.bk.old
c:\windows\TEMP\x1c59222.dll
c:\windows\win32k.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gasfkyexuxovys
-------\Legacy_gasfkyexuxovys
-------\Legacy_6TO4
-------\Legacy_NPF
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_NPF
-------\Legacy_WDefend
-------\Service_WDefend


((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-17 17:36 . 2009-10-18 17:36 0 ----a-w- c:\windows\Gminuzi.bin
2009-10-17 17:36 . 2009-10-18 22:58 120 ----a-w- c:\windows\Sxoqokidu.dat
2009-10-17 17:36 . 2009-10-17 17:36 -------- d-----w- c:\documents and settings\Sparkles\Local Settings\Application Data\{99E995A6-D554-4320-9829-8188EB868B59}
2009-10-13 21:04 . 2009-10-13 21:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2009-10-09 15:57 . 2009-10-09 16:34 58 ----a-w- c:\windows\wp4.dat
2009-10-09 15:57 . 2009-10-09 16:34 3 ----a-w- c:\windows\wp3.dat
2009-10-04 09:49 . 2009-10-04 09:49 0 ----a-w- c:\documents and settings\Sparkles\settings.dat
2009-10-03 17:58 . 2009-10-03 17:58 -------- d-----w- c:\program files\Sophos
2009-10-03 17:52 . 2009-10-03 17:52 -------- d-sh--w- c:\documents and settings\Sparkles\IECompatCache
2009-10-01 04:26 . 2009-10-14 20:26 -------- d-----w- c:\program files\Panda Security
2009-10-01 02:10 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-01 02:10 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 02:10 . 2009-10-09 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 01:13 . 2009-10-01 01:15 152894674 ----a-w- C:\regbackup.reg
2009-09-30 22:00 . 2009-09-30 22:00 -------- d-----w- c:\program files\Uniblue
2009-09-27 09:39 . 2009-09-27 09:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-09-26 19:25 . 2009-09-30 22:01 -------- d-----w- c:\documents and settings\Sparkles\Application Data\Uniblue
2009-09-26 19:05 . 2009-09-26 19:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2009-09-26 19:05 . 2009-09-26 19:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2009-09-25 22:40 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-25 22:40 . 2009-09-26 09:00 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-25 22:40 . 2008-12-18 18:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-25 22:40 . 2009-09-25 22:41 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-25 22:40 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-25 22:40 . 2009-09-30 13:31 -------- d-----w- c:\program files\Spyware Doctor
2009-09-25 22:40 . 2009-09-25 22:40 -------- d-----w- c:\documents and settings\Sparkles\Application Data\PC Tools
2009-09-25 22:40 . 2009-09-25 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-25 14:59 . 2009-09-25 14:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-23 03:57 . 2009-09-26 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\10351564
2009-09-21 08:01 . 2009-09-21 08:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-21 06:54 . 2009-09-21 06:56 204 ----a-w- c:\windows\system32\MQ32TMP.bat.bat
2009-09-21 06:54 . 2009-09-21 06:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 23:13 . 2008-11-14 15:01 -------- d-----w- c:\documents and settings\Sparkles\Application Data\uTorrent
2009-10-17 17:42 . 2008-11-14 05:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-15 14:15 . 2009-04-03 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 05:15 . 2009-05-07 03:06 -------- d-----w- c:\program files\Replay AV 8
2009-10-15 02:12 . 2008-11-14 04:31 87600 ----a-w- c:\documents and settings\Sparkles\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 00:23 . 2008-11-16 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-14 20:26 . 2005-04-28 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-01 02:10 . 2009-06-22 23:22 -------- d-----w- c:\documents and settings\Sparkles\Application Data\Malwarebytes
2009-10-01 02:10 . 2009-06-22 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-26 08:59 . 2009-09-26 08:59 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-23 05:14 . 2009-09-17 13:34 -------- d-----w- c:\program files\Lemonade Tycoon 2
2009-09-21 06:55 . 2009-09-14 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-19 19:36 . 2008-11-16 01:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-14 05:51 . 2008-11-14 05:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-14 05:36 . 2008-12-18 04:51 -------- d-----w- c:\program files\Winamp
2009-09-14 03:39 . 2009-09-14 03:39 -------- d-----w- c:\program files\NOS
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 01:15 . 2009-06-22 07:12 -------- d-----w- c:\program files\Glary Utilities
2009-09-01 19:25 . 2009-09-01 19:25 67288 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-01 19:20 . 2008-11-26 20:02 -------- d-----w- c:\documents and settings\Sparkles\Application Data\Apple Computer
2009-09-01 19:19 . 2009-09-01 19:19 -------- d-----w- c:\program files\Safari
2009-09-01 19:18 . 2008-11-16 01:35 -------- d-----w- c:\program files\Bonjour
2009-08-30 20:51 . 2005-04-28 04:09 -------- d-----w- c:\program files\Java
2009-08-29 08:08 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:10 . 2009-06-22 07:33 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-06-22 07:34 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-06-22 07:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-06-22 07:34 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-06-22 07:34 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-06-22 07:34 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-06-22 07:34 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-06-22 07:34 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-06-22 07:34 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44 . 2004-08-04 10:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 10:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-25 12:23 . 2008-11-14 14:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\SYSTEM32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-11-03 680616]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-11-03 16040]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=mapledxp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli eser132.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\SYSTEM32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdxcfg.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdxjswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdxtime.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\frun.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [9/25/2009 3:40 PM 206256]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [6/22/2009 12:34 AM 114768]
R1 mapledxp;mapledxp;c:\windows\SYSTEM32\DRIVERS\mapledxp.sys [12/23/2008 11:28 PM 24720]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [6/22/2009 12:34 AM 20560]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:00 AM 14336]
R2 fastnetsrv;fastnetsrv Service;c:\windows\SYSTEM32\FastNetSrv.exe [8/4/2004 3:00 AM 94720]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 3:00 AM 14336]
S3 ICDUSB3;ICDUSB3;c:\windows\SYSTEM32\DRIVERS\ICDUSB3.sys [8/8/2009 7:03 PM 11264]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp --> c:\windows\system32\11.tmp [?]
S3 mfsdisk;mfsdisk;c:\windows\SYSTEM32\mfsdisk.sys [8/4/2004 3:00 AM 2304]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2009 3:40 PM 348752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BTWSRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-22 18:39]

2009-10-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-09 07:01]

2009-10-19 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-11-14 22:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\Sparkles\Application Data\Mozilla\Firefox\Profiles\a6jtm0oz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Sparkles\Application Data\Mozilla\Firefox\Profiles\a6jtm0oz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Sparkles\Application Data\Mozilla\Firefox\Profiles\a6jtm0oz.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {99E995A6-D554-4320-9829-8188EB868B59} - c:\documents and settings\Sparkles\Local Settings\Application Data\{99E995A6-D554-4320-9829-8188EB868B59}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Orotetaco - c:\windows\ecavukubon.dll
HKU-Default-Run-calc - c:\docume~1\NETWOR~1\ntuser.dll
AddRemove-ActiveScan 2.0 - c:\program files\Panda Security\ActiveScan 2.0\as2uninst.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 17:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\FInstall.sys 8 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\11.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(844)
c:\windows\eser132.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\eser132.dll
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\lxdxcoms.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\SYSTEM32\wmdtc.exe
c:\combofix\CF18125.exe
c:\program files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\SYSTEM32\lsm32.sys
.
**************************************************************************
.
Completion time: 2009-10-19 17:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 00:20

Pre-Run: 946,925,568 bytes free
Post-Run: 1,354,772,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

348 --- E O F --- 2009-10-18 16:09



DDS (Ver_09-09-29.01) - NTFSx86
Run by Sparkles at 17:32:59.04 on Sun 10/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.160 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 091018-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wmdtc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\lsm32.sys
C:\Documents and Settings\Sparkles\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1238715765218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli eser132.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sparkles\applic~1\mozilla\firefox\profiles\a6jtm0oz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {99E995A6-D554-4320-9829-8188EB868B59} - c:\documents and settings\sparkles\local settings\application data\{99E995A6-D554-4320-9829-8188EB868B59}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-25 206256]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-22 114768]
R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2008-12-23 24720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-22 138680]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2004-8-4 94720]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-22 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-22 352920]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2009-8-8 11264]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp --> c:\windows\system32\11.tmp [?]
S3 mfsdisk;mfsdisk;c:\windows\system32\mfsdisk.sys [2004-8-4 2304]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-25 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-25 1097096]

=============== Created Last 30 ================

2009-10-18 16:21 <DIR> a-dshr-- C:\cmdcons
2009-10-18 16:19 236,544 a------- c:\windows\PEV.exe
2009-10-18 16:19 161,792 a------- c:\windows\SWREG.exe
2009-10-18 16:19 98,816 a------- c:\windows\sed.exe
2009-10-17 10:36 0 a------- c:\windows\Gminuzi.bin
2009-10-17 10:36 120 a------- c:\windows\Sxoqokidu.dat
2009-10-13 16:03 <DIR> --d----- c:\windows\pss
2009-10-09 08:57 58 a------- c:\windows\wp4.dat
2009-10-09 08:57 3 a------- c:\windows\wp3.dat
2009-10-04 02:49 0 a------- c:\documents and settings\sparkles\settings.dat
2009-10-03 10:58 <DIR> --d----- c:\program files\Sophos
2009-10-03 10:52 <DIR> --dsh--- c:\documents and settings\sparkles\IECompatCache
2009-09-30 21:26 <DIR> --d----- c:\program files\Panda Security
2009-09-30 19:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 19:10 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-30 19:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 18:13 152,894,674 a------- C:\regbackup.reg
2009-09-30 15:00 <DIR> --d----- c:\program files\Uniblue
2009-09-26 12:25 <DIR> --d----- c:\docume~1\sparkles\applic~1\Uniblue
2009-09-26 01:59 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-25 15:40 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-25 15:40 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-25 15:40 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-25 15:40 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-25 15:40 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-25 15:40 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-25 15:40 <DIR> --d----- c:\docume~1\sparkles\applic~1\PC Tools
2009-09-25 15:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-22 20:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\10351564
2009-09-21 05:29 987 a------- c:\windows\wininit.ini
2009-09-20 23:54 204 a------- c:\windows\system32\MQ32TMP.bat.bat

==================== Find3M ====================

2009-09-11 07:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 07:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 14:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 14:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-09-01 12:25 67,288 a---h--- c:\windows\system32\mlfcache.dat
2009-08-28 03:35 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 01:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 01:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 08:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 07:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 07:20 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 07:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2007-03-09 00:12 27,648 a--sh--- c:\windows\system32\AVSredirect.dll

============= FINISH: 17:33:50.17 ===============

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:17 PM

Posted 19 October 2009 - 08:39 AM

Hi,

okay here are the two logs, my only question is that i keep getting a ballon on my taskbar saying _________ file corrupt run chkdsk utility, should i run the chkdsk?
Don't run disk check now.

Upload following file to http://www.virustotal.com and post back link to the results:
c:\windows\SYSTEM32\FastNetSrv.exe

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/t/262471/originally-infected-with-total-security-2009-removed-it-but-still-having-things-go-crazy-on-me/?p=1463922
Collect::
c:\windows\Gminuzi.bin
c:\windows\Sxoqokidu.dat
c:\windows\wp4.dat
c:\windows\wp3.dat
C:\WINDOWS\system32\lsm32.sys
c:\windows\eser132.dll
c:\windows\system32\FInstall.sys
DDS::
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FileLook::
c:\documents and settings\Sparkles\settings.dat
c:\windows\system32\MQ32TMP.bat.bat
Folder::
c:\docume~1\alluse~1\applic~1\10351564
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
Firefox::
FF - HiddenExtension: XULRunner: {99E995A6-D554-4320-9829-8188EB868B59} - c:\documents and settings\Sparkles\Local Settings\Application Data\{99E995A6-D554-4320-9829-8188EB868B59}


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe. You'll need to have internet connection open during the run so that malware samples can be submitted.

Then post the resultant log.


Update Malwarebytes' A-M definitions and run a full scan with it. Post back the report & a fresh dds.txt log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#11 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 19 October 2009 - 08:38 PM

Is this the link you need? http://www.virustotal.com/reanalisis.html?...44b7-1255985202





ComboFix 09-10-19.01 - Sparkles 10/19/2009 13:56.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.392 [GMT -7:00]
Running from: c:\documents and settings\Sparkles\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sparkles\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091019-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\eser132.dll
file zipped: c:\windows\Gminuzi.bin
file zipped: c:\windows\Sxoqokidu.dat
file zipped: c:\windows\system32\FInstall.sys
file zipped: c:\windows\system32\lsm32.sys
file zipped: c:\windows\wp3.dat
file zipped: c:\windows\wp4.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~1\applic~1\10351564
c:\docume~1\alluse~1\applic~1\10351564\10351564
c:\docume~1\alluse~1\applic~1\10351564\pc10351564ins
c:\documents and settings\Sparkles\Local Settings\Application Data\{99E995A6-D554-4320-9829-8188EB868B59}
c:\documents and settings\Sparkles\Local Settings\Application Data\{99E995A6-D554-4320-9829-8188EB868B59}\chrome.manifest
c:\documents and settings\Sparkles\Local Settings\Application Data\{99E995A6-D554-4320-9829-8188EB868B59}\chrome\content\_cfg.js
c:\documents and settings\Sparkles\Local Settings\Application Data\{99E995A6-D554-4320-9829-8188EB868B59}\chrome\content\overlay.xul
c:\documents and settings\Sparkles\Local Settings\Application Data\{99E995A6-D554-4320-9829-8188EB868B59}\install.rdf
c:\windows\eser132.dll
c:\windows\Gminuzi.bin
c:\windows\Install.txt
c:\windows\Sxoqokidu.dat
c:\windows\system32\FInstall.sys
c:\windows\system32\Install.txt
c:\windows\system32\lsm32.sys
c:\windows\TEMP\mta13187.dll
c:\windows\TEMP\t4m0_496562446605.bk.old
c:\windows\TEMP\x1c109871.dll
c:\windows\wp3.dat
c:\windows\wp4.dat

.
((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-13 21:04 . 2009-10-13 21:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2009-10-04 09:49 . 2009-10-04 09:49 0 ----a-w- c:\documents and settings\Sparkles\settings.dat
2009-10-03 17:58 . 2009-10-03 17:58 -------- d-----w- c:\program files\Sophos
2009-10-03 17:52 . 2009-10-03 17:52 -------- d-sh--w- c:\documents and settings\Sparkles\IECompatCache
2009-10-01 04:26 . 2009-10-14 20:26 -------- d-----w- c:\program files\Panda Security
2009-10-01 02:10 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-01 02:10 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 02:10 . 2009-10-09 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 01:13 . 2009-10-01 01:15 152894674 ----a-w- C:\regbackup.reg
2009-09-30 22:00 . 2009-09-30 22:00 -------- d-----w- c:\program files\Uniblue
2009-09-27 09:39 . 2009-09-27 09:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-09-26 19:25 . 2009-09-30 22:01 -------- d-----w- c:\documents and settings\Sparkles\Application Data\Uniblue
2009-09-26 19:05 . 2009-09-26 19:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2009-09-26 19:05 . 2009-09-26 19:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2009-09-25 22:40 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-25 22:40 . 2009-09-26 09:00 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-25 22:40 . 2008-12-18 18:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-25 22:40 . 2009-09-25 22:41 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-25 22:40 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-25 22:40 . 2009-09-30 13:31 -------- d-----w- c:\program files\Spyware Doctor
2009-09-25 22:40 . 2009-09-25 22:40 -------- d-----w- c:\documents and settings\Sparkles\Application Data\PC Tools
2009-09-25 22:40 . 2009-09-25 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-25 14:59 . 2009-09-25 14:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-21 08:01 . 2009-09-21 08:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-21 06:54 . 2009-09-21 06:56 204 ----a-w- c:\windows\system32\MQ32TMP.bat.bat
2009-09-21 06:54 . 2009-09-21 06:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 23:13 . 2008-11-14 15:01 -------- d-----w- c:\documents and settings\Sparkles\Application Data\uTorrent
2009-10-17 17:42 . 2008-11-14 05:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-15 14:15 . 2009-04-03 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 05:15 . 2009-05-07 03:06 -------- d-----w- c:\program files\Replay AV 8
2009-10-15 02:12 . 2008-11-14 04:31 87600 ----a-w- c:\documents and settings\Sparkles\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 00:23 . 2008-11-16 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-14 20:26 . 2005-04-28 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-01 02:10 . 2009-06-22 23:22 -------- d-----w- c:\documents and settings\Sparkles\Application Data\Malwarebytes
2009-10-01 02:10 . 2009-06-22 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-26 08:59 . 2009-09-26 08:59 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-23 05:14 . 2009-09-17 13:34 -------- d-----w- c:\program files\Lemonade Tycoon 2
2009-09-21 06:55 . 2009-09-14 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-19 19:36 . 2008-11-16 01:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-14 05:51 . 2008-11-14 05:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-14 05:36 . 2008-12-18 04:51 -------- d-----w- c:\program files\Winamp
2009-09-14 03:39 . 2009-09-14 03:39 -------- d-----w- c:\program files\NOS
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 01:15 . 2009-06-22 07:12 -------- d-----w- c:\program files\Glary Utilities
2009-09-01 19:25 . 2009-09-01 19:25 67288 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-01 19:20 . 2008-11-26 20:02 -------- d-----w- c:\documents and settings\Sparkles\Application Data\Apple Computer
2009-09-01 19:19 . 2009-09-01 19:19 -------- d-----w- c:\program files\Safari
2009-09-01 19:18 . 2008-11-16 01:35 -------- d-----w- c:\program files\Bonjour
2009-08-30 20:51 . 2005-04-28 04:09 -------- d-----w- c:\program files\Java
2009-08-29 08:08 . 2004-08-04 10:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:10 . 2009-06-22 07:33 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-06-22 07:34 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-06-22 07:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-06-22 07:34 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-06-22 07:34 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-06-22 07:34 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-06-22 07:34 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-06-22 07:34 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-06-22 07:34 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44 . 2004-08-04 10:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 10:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-25 12:23 . 2008-11-14 14:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\SYSTEM32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\documents and settings\Sparkles\settings.dat ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 0
Created time: 2009-10-04 09:49
Modified time: 2009-10-04 09:49
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709


--- c:\windows\system32\MQ32TMP.bat.bat ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 204
Created time: 2009-09-21 06:54
Modified time: 2009-09-21 06:56
MD5: CEA9E12FE182D42FE8E187F6E7B26BDE
SHA1: CEC8B9A08D76FA62F84439B3852D35B55580F251


((((((((((((((((((((((((((((( SnapShot@2009-10-19_00.10.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-19 17:42 . 2009-10-19 17:42 16384 c:\windows\Temp\Perflib_Perfdata_634.dat
+ 2009-10-19 21:08 . 2009-10-19 21:08 16384 c:\windows\Temp\Perflib_Perfdata_620.dat
+ 2009-10-19 21:08 . 2009-10-19 21:08 16384 c:\windows\Temp\Perflib_Perfdata_44c.dat
+ 2004-08-04 10:00 . 2004-08-04 10:00 94208 c:\windows\SYSTEM32\FastNetSrv.exe
+ 2004-08-04 10:00 . 2004-08-04 10:00 130048 c:\windows\SYSTEM32\wmdtc.exe
+ 2004-08-04 10:00 . 2004-08-04 10:00 130048 c:\windows\SYSTEM32\opeia.exe
+ 2009-10-19 21:09 . 2009-08-29 08:08 1208832 c:\windows\Temp\x1c57711.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-11-03 680616]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-11-03 16040]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=mapledxp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\SYSTEM32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdxcfg.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdxjswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdxtime.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\frun.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [9/25/2009 3:40 PM 206256]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [6/22/2009 12:34 AM 114768]
R1 mapledxp;mapledxp;c:\windows\SYSTEM32\DRIVERS\mapledxp.sys [12/23/2008 11:28 PM 24720]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [6/22/2009 12:34 AM 20560]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:00 AM 14336]
R2 fastnetsrv;fastnetsrv Service;c:\windows\SYSTEM32\FastNetSrv.exe [8/4/2004 3:00 AM 94208]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 3:00 AM 14336]
S3 ICDUSB3;ICDUSB3;c:\windows\SYSTEM32\DRIVERS\ICDUSB3.sys [8/8/2009 7:03 PM 11264]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp --> c:\windows\system32\11.tmp [?]
S3 mfsdisk;mfsdisk;c:\windows\SYSTEM32\mfsdisk.sys [8/4/2004 3:00 AM 2304]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/25/2009 3:40 PM 348752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BTWSRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-06-22 18:39]

2009-10-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-09 07:01]

2009-10-19 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-11-14 22:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\Sparkles\Application Data\Mozilla\Firefox\Profiles\a6jtm0oz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Sparkles\Application Data\Mozilla\Firefox\Profiles\a6jtm0oz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Sparkles\Application Data\Mozilla\Firefox\Profiles\a6jtm0oz.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 14:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\11.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(284)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\lxdxcoms.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\SYSTEM32\opeia.exe
c:\combofix\CF26739.exe
c:\program files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-10-19 14:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 21:20
ComboFix2.txt 2009-10-19 00:20

Pre-Run: 1,334,304,768 bytes free
Post-Run: 1,313,460,224 bytes free

- - End Of File - - 51A63F1A83744CD662CF11BDA381BD1F



DDS (Ver_09-09-29.01) - NTFSx86
Run by Sparkles at 18:32:49.81 on Mon 10/19/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.311 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 091019-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Documents and Settings\Sparkles\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1238715765218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sparkles\applic~1\mozilla\firefox\profiles\a6jtm0oz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\sparkles\application data\mozilla\firefox\profiles\a6jtm0oz.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\sparkles\application data\mozilla\firefox\profiles\a6jtm0oz.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-25 206256]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-22 114768]
R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2008-12-23 24720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-22 138680]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-22 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-22 352920]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2009-8-8 11264]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp --> c:\windows\system32\11.tmp [?]
S3 mfsdisk;mfsdisk;\??\c:\windows\system32\mfsdisk.sys --> c:\windows\system32\mfsdisk.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-25 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-25 1097096]
SUnknown BtwSrv;BtwSrv; [x]

=============== Created Last 30 ================

2009-10-19 14:25 <DIR> --d-h--- c:\windows\PIF
2009-10-18 16:21 <DIR> a-dshr-- C:\cmdcons
2009-10-18 16:19 236,544 a------- c:\windows\PEV.exe
2009-10-18 16:19 161,792 a------- c:\windows\SWREG.exe
2009-10-18 16:19 98,816 a------- c:\windows\sed.exe
2009-10-13 16:03 <DIR> --d----- c:\windows\pss
2009-10-04 02:49 0 a------- c:\documents and settings\sparkles\settings.dat
2009-10-03 10:58 <DIR> --d----- c:\program files\Sophos
2009-10-03 10:52 <DIR> --dsh--- c:\documents and settings\sparkles\IECompatCache
2009-09-30 21:26 <DIR> --d----- c:\program files\Panda Security
2009-09-30 19:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 19:10 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-30 19:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 18:13 152,894,674 a------- C:\regbackup.reg
2009-09-30 15:00 <DIR> --d----- c:\program files\Uniblue
2009-09-26 12:25 <DIR> --d----- c:\docume~1\sparkles\applic~1\Uniblue
2009-09-26 01:59 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-25 15:40 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-25 15:40 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-25 15:40 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-25 15:40 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-25 15:40 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-25 15:40 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-25 15:40 <DIR> --d----- c:\docume~1\sparkles\applic~1\PC Tools
2009-09-25 15:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-21 05:29 987 a------- c:\windows\wininit.ini
2009-09-20 23:54 204 a------- c:\windows\system32\MQ32TMP.bat.bat

==================== Find3M ====================

2009-09-11 07:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 07:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 14:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 14:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-09-01 12:25 67,288 a---h--- c:\windows\system32\mlfcache.dat
2009-08-28 03:35 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 01:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 01:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 08:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 07:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 07:20 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 07:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2007-03-09 00:12 27,648 a--sh--- c:\windows\system32\AVSredirect.dll

============= FINISH: 18:36:39.46 ===============

Edited by emopants92, 19 October 2009 - 08:40 PM.


#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:17 PM

Posted 20 October 2009 - 04:04 AM

Is this the link you need? http://www.virustotal.com/reanalisis.html?...44b7-1255985202

Hi,

You have to wait until scanning is completed. Your link returns "not found".

Please, look for zip file which name begins as [4]-Submit in c:\qoobox\quarantine folder.

Upload it here

Kindly include a link to this topic in the message.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#13 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 20 October 2009 - 02:53 PM

Just uploaded it

#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:17 PM

Posted 20 October 2009 - 03:32 PM

Thanks for the sample.


Start MBAM and update its definitions. Then run a full scan with it (let it remove the findings) and post back the results & fresh dds.txt log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#15 emopants92

emopants92
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 20 October 2009 - 08:20 PM

Malwarebytes' Anti-Malware 1.41
Database version: 3001
Windows 5.1.2600 Service Pack 3

10/20/2009 6:08:04 PM
mbam-log-2009-10-20 (18-08-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 212991
Time elapsed: 4 hour(s), 7 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000021.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000040.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000041.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000042.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000043.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000188.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000203.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000204.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\svohost.exe.vir (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkyapkllsvm.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkycbiwulkr.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkyenxmsbft.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkylaplivwr.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkypjwipoqg.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkypylkjobf.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkywyrbqerl.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lsm32.sys.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\plugie.dll.vir (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pump.exe.vir (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gasfkytufjrjel.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gasfkyxvbrsbft.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Temp\t4m0_121857793162.bk.old.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Temp\t4m0_496562446605.bk.old.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lsm32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SLSFGXI1\dfghfghgfj[1].dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.



DDS (Ver_09-09-29.01) - NTFSx86
Run by Sparkles at 18:16:06.65 on Tue 10/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.391 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 091020-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Documents and Settings\Sparkles\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1238715765218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sparkles\applic~1\mozilla\firefox\profiles\a6jtm0oz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\sparkles\application data\mozilla\firefox\profiles\a6jtm0oz.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\sparkles\application data\mozilla\firefox\profiles\a6jtm0oz.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-25 206256]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-22 114768]
R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2008-12-23 24720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-22 138680]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-22 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-22 352920]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2009-8-8 11264]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp --> c:\windows\system32\11.tmp [?]
S3 mfsdisk;mfsdisk;\??\c:\windows\system32\mfsdisk.sys --> c:\windows\system32\mfsdisk.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-25 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-25 1097096]

=============== Created Last 30 ================

2009-10-19 14:25 <DIR> --d-h--- c:\windows\PIF
2009-10-18 16:21 <DIR> a-dshr-- C:\cmdcons
2009-10-18 16:19 236,544 a------- c:\windows\PEV.exe
2009-10-18 16:19 161,792 a------- c:\windows\SWREG.exe
2009-10-18 16:19 98,816 a------- c:\windows\sed.exe
2009-10-13 16:03 <DIR> --d----- c:\windows\pss
2009-10-04 02:49 0 a------- c:\documents and settings\sparkles\settings.dat
2009-10-03 10:58 <DIR> --d----- c:\program files\Sophos
2009-10-03 10:52 <DIR> --dsh--- c:\documents and settings\sparkles\IECompatCache
2009-09-30 21:26 <DIR> --d----- c:\program files\Panda Security
2009-09-30 19:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 19:10 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-30 19:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 18:13 152,894,674 a------- C:\regbackup.reg
2009-09-30 15:00 <DIR> --d----- c:\program files\Uniblue
2009-09-26 12:25 <DIR> --d----- c:\docume~1\sparkles\applic~1\Uniblue
2009-09-26 01:59 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-25 15:40 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-25 15:40 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-25 15:40 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-25 15:40 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-25 15:40 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-25 15:40 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-25 15:40 <DIR> --d----- c:\docume~1\sparkles\applic~1\PC Tools
2009-09-25 15:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-21 05:29 987 a------- c:\windows\wininit.ini
2009-09-20 23:54 204 a------- c:\windows\system32\MQ32TMP.bat.bat

==================== Find3M ====================

2009-09-11 07:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 07:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 14:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 14:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-09-01 12:25 67,288 a---h--- c:\windows\system32\mlfcache.dat
2009-08-28 03:35 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 01:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 01:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 08:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 07:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 07:20 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 07:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2007-03-09 00:12 27,648 a--sh--- c:\windows\system32\AVSredirect.dll

============= FINISH: 18:17:03.51 ===============




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users