#1

Registered User | Join Date: Oct 2009 | Posts: 27 | OS: XP SP2
Max++ trying to take over the world....
I have been following along on several threads trying to wrap my head around what is going on with my cousin's computer. The post from Ried to Tubularbells was very helpful. This is what I have so far. First let me apologize, as I fought with this computer all night before I discovered this thread, so I may have done things out of order (i.e. downloading and trying a half dozen different programs to rid this machine of its malicious spirit). Alas, here I am.
I will try and cut to the chase. I have a malware that disables every AV and Spybot program I can find. It will run for a few seconds, shut off and won't let it run again. I tried the fr33 trick and it worked, but only to start it again for a few seconds... a predictable result, but I was tired. So without going into all the other crap I tried, I finally used the GMER software. It ran, then when it seemed to finish, it closed without allowing me to save the file. I reran a fresh "random" copy and saved it as it went along, so I think I got the whole thread. DDS, however, would not allow me an opportunity to save the files. It would run (or at least a DOS window would pop up for a quick second, then close) but that would be it, no files to save. But, here are the results of the GMER scan (this was run while in "safe mode"):

```
GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-06 14:38:34
Windows 5.1.2600 Service Pack 2
Running: yub9efki.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdipow.sys

---- System - GMER 1.0.15 ----

SSDT  PCTCore.sys (PC Tools KDS Core Driver/PC Tools)  ZwCreateKey [0xF747FD72]
SSDT  PCTCore.sys (PC Tools KDS Core Driver/PC Tools)  ZwCreateProcess [0xF74609A6]
SSDT  PCTCore.sys (PC Tools KDS Core Driver/PC Tools)  ZwCreateProcessEx [0xF7460B98]
SSDT  PCTCore.sys (PC Tools KDS Core Driver/PC Tools)  ZwDeleteKey [0xF7480568]
SSDT  PCTCore.sys (PC Tools KDS Core Driver/PC Tools)  ZwDeleteValueKey [0xF7480820]
SSDT  PCTCore.sys (PC Tools KDS Core Driver/PC Tools)  ZwOpenKey [0xF747EA80]
SSDT  \SystemRoot\System32\Drivers\Beep.SYS  ZwQuerySystemInformation [0xF76EF1A0]
SSDT  PCTCore.sys (PC Tools KDS Core Driver/PC Tools)  ZwRenameKey [0xF7480C8A]
SSDT  PCTCore.sys (PC Tools KDS Core Driver/PC Tools)  ZwSetValueKey [0xF7480036]
SSDT  PCTCore.sys (PC Tools KDS Core Driver/PC Tools)  ZwTerminateProcess [0xF7460656]

---- Devices - GMER 1.0.15 ----

Device  A  Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device  A  Udfs.SYS (UDF File System Driver/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device  A  mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library  \\?\globalroot\Device\__max++>\25A47000.x86.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [252]  0x35670000
Library  \\?\globalroot\Device\__max++>\25A47000.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [984]  0x35670000
Library  \\?\globalroot\Device\__max++>\25A47000.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1140]  0x35670000
Library  \\?\globalroot\Device\__max++>\25A47000.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1196]  0x35670000
Library  \\?\globalroot\Device\__max++>\25A47000.x86.dll (*** hidden *** ) @ C:\Program Files\Safari\Safari.exe [1392]  0x35670000

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\904010001E872D116BF00006799C897E\Usage@OutlookOMI  994443308

---- Files - GMER 1.0.15 ----

ADS  C:\System Volume Information\_restore{6F40D2B5-6C5D-479C-8079-1B43EAF95FCF}\RP5\A0000159.sys:1  8704 bytes executable
```

As you can see, max++ seems to be a very visible culprit (or a very good red herring). As I am writing this I am doing a win32kdiag scan and will post the results later. How can I get DDS to run and save a file, and after reviewing the above, where do we go from here? Thanks, Jay

Last edited by jayhenson; 10-06-2009 at 03:01 PM. Reason: misspellings and added info
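The GMER output above shows three findings a helper usually picks out by eye: SSDT hooks (most by the PC Tools driver, one on ZwQuerySystemInformation by Beep.SYS), a hidden DLL loaded from a `\Device\` object-namespace path into Explorer, several svchost instances and Safari, and an executable alternate data stream in a restore point. The Python script below does that triage over a constructed excerpt of the log. It is an added example, not part of the original post and not GMER's own code; `TRUSTED_HOOK_MODULES`, the line patterns and the alert wording are this example's assumptions, and the allowlist treats PCTCore.sys as the installed security product so that any other module hooking the SSDT is flagged.

```python
import re
from collections import defaultdict

# Assumption for this example: the PC Tools driver is the security product the
# owner installed, so its SSDT hooks are expected; any other hooking module is flagged.
TRUSTED_HOOK_MODULES = frozenset({"PCTCore.sys"})

# Line patterns modelled on the GMER 1.0.15 layout in the post above (assumption).
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+?)\s+(?P<function>Zw\w+)\s+\[0x[0-9A-Fa-f]+\]$")
HIDDEN_LIB_RE = re.compile(
    r"^Library\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(?P<host>.+?)\s+\[(?P<pid>\d+)\]")
ADS_RE = re.compile(r"^ADS\s+(?P<path>.+?)\s+(?P<size>\d+) bytes executable$")

# \\?\globalroot\Device\... names an object-manager path with no drive letter behind it.
DEVICE_PREFIX = "\\\\?\\globalroot\\device\\"

# Constructed excerpt: a handful of lines from the scan posted above, one record per line.
SAMPLE_GMER_LOG = r"""
GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-06 14:38:34
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT  PCTCore.sys (PC Tools KDS Core Driver/PC Tools)  ZwCreateKey [0xF747FD72]
SSDT  \SystemRoot\System32\Drivers\Beep.SYS  ZwQuerySystemInformation [0xF76EF1A0]
SSDT  PCTCore.sys (PC Tools KDS Core Driver/PC Tools)  ZwTerminateProcess [0xF7460656]

---- Processes - GMER 1.0.15 ----

Library  \\?\globalroot\Device\__max++>\25A47000.x86.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [252]  0x35670000
Library  \\?\globalroot\Device\__max++>\25A47000.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [984]  0x35670000

---- Files - GMER 1.0.15 ----

ADS  C:\System Volume Information\_restore{6F40D2B5-6C5D-479C-8079-1B43EAF95FCF}\RP5\A0000159.sys:1  8704 bytes executable
"""


def module_name(module_field):
    """'PCTCore.sys (PC Tools KDS Core Driver/PC Tools)' -> 'PCTCore.sys';
    '\\SystemRoot\\System32\\Drivers\\Beep.SYS' -> 'Beep.SYS'."""
    bare = module_field.split(" (")[0]
    return bare.rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Pull SSDT hooks, hidden libraries and executable ADS entries out of a GMER log."""
    found = {"ssdt": [], "hidden_libs": [], "ads": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            found["ssdt"].append((module_name(m["module"]), m["function"]))
        elif m := HIDDEN_LIB_RE.match(line):
            found["hidden_libs"].append((m["path"], m["host"], int(m["pid"])))
        elif m := ADS_RE.match(line):
            found["ads"].append((m["path"], int(m["size"])))
    return found


def triage(parsed, trusted=TRUSTED_HOOK_MODULES):
    """Turn parsed records into human-readable alerts; reports only, changes nothing."""
    alerts = []
    for module, func in parsed["ssdt"]:
        if module not in trusted:
            alerts.append(f"SSDT hook on {func} by unexpected module {module}")
    by_path = defaultdict(list)  # one hidden DLL is usually injected into many hosts
    for path, host, pid in parsed["hidden_libs"]:
        by_path[path].append(f"{host} [{pid}]")
    for path, hosts in by_path.items():
        flag = " (object-namespace path, no drive letter)" if path.lower().startswith(DEVICE_PREFIX) else ""
        alerts.append(f"hidden module {path}{flag} injected into {len(hosts)} process(es): {', '.join(hosts)}")
    for path, size in parsed["ads"]:
        alerts.append(f"executable alternate data stream {path} ({size} bytes)")
    return alerts


if __name__ == "__main__":
    for alert in triage(parse_gmer(SAMPLE_GMER_LOG)):
        print(alert)
```

To use it on a real scan, pass the saved log's text to `parse_gmer` and feed the result to `triage`; the hidden-module grouping is what makes a single injected DLL spread across five processes read as one finding rather than five.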
#2

Registered User | Join Date: Oct 2009 | Posts: 27 | OS: XP SP2
Re: Max++ trying to take over the world....
Here are the results of the win32kdiag (finally):
```
Running from: C:\Documents and Settings\Jay\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Jay\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB958690\KB958690
Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\callcont.dll

[1] 2004-03-29 20:48:36 364544 C:\WINDOWS\$NtServicePackUninstall$\callcont.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 360448 C:\WINDOWS\$NtUninstallKB835732$\callcont.dll ()
[1] 2004-08-04 02:56:41 385024 C:\WINDOWS\ServicePackFiles\i386\callcont.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:41 385024 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\callcont.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:50 385024 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\callcont.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323.tsp

[1] 2004-03-29 20:48:36 253440 C:\WINDOWS\$NtServicePackUninstall$\h323.tsp ()
[1] 2002-08-29 15:00:00 252928 C:\WINDOWS\$NtUninstallKB835732$\h323.tsp ()
[1] 2004-08-04 02:56:57 265728 C:\WINDOWS\ServicePackFiles\i386\h323.tsp ()
[1] 2004-08-04 02:56:57 265728 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\h323.tsp ()
[1] 2008-04-13 19:12:45 265728 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\h323.tsp ()
[1] 2004-08-04 02:56:57 265728 C:\WINDOWS\system32\h323.tsp ()

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll

[1] 2004-03-29 20:48:36 593408 C:\WINDOWS\$NtServicePackUninstall$\h323msp.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 592896 C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll ()
[1] 2004-08-04 02:56:42 614912 C:\WINDOWS\ServicePackFiles\i386\h323msp.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 614912 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\h323msp.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:54 614912 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\h323msp.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 614912 C:\WINDOWS\system32\h323msp.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe

[1] 2004-03-29 20:34:15 741376 C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe (Microsoft Corporation)
[1] 2002-08-29 15:00:00 742400 C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe ()
[1] 2004-08-04 02:56:49 768512 C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe (Microsoft Corporation)
[1] 2004-08-04 02:56:49 768512 C:\WINDOWS\ServicePackFiles\i386\helpctr.exe (Microsoft Corporation)
[1] 2004-08-04 02:56:49 768512 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\helpctr.exe (Microsoft Corporation)
[1] 2008-04-13 19:12:21 769024 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\helpctr.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll

[1] 2004-03-29 20:48:36 439808 C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 435200 C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll ()
[1] 2004-08-04 02:56:42 331264 C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 331264 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ipnathlp.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:55 331264 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ipnathlp.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 331264 C:\WINDOWS\system32\ipnathlp.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll

[1] 2004-10-27 20:21:01 721920 C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\lsasrv.dll (Microsoft Corporation)
[1] 2004-10-27 20:28:18 721920 C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll (Microsoft Corporation)
[1] 2006-08-17 07:37:49 726528 C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll (Microsoft Corporation)
[1] 2007-11-07 04:50:47 727040 C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll (Microsoft Corporation)
[1] 2009-02-09 05:01:53 728576 C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\lsasrv.dll (Microsoft Corporation)
[1] 2009-02-09 07:10:49 729088 C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\lsasrv.dll (Microsoft Corporation)
[1] 2009-02-09 05:56:36 729088 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\lsasrv.dll (Microsoft Corporation)
[1] 2009-06-25 03:17:27 729600 C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\lsasrv.dll (Microsoft Corporation)
[1] 2009-06-25 03:25:26 730112 C:\WINDOWS\$hf_mig$\KB968389\SP3GDR\lsasrv.dll (Microsoft Corporation)
[1] 2009-06-26 04:41:12 730112 C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\lsasrv.dll (Microsoft Corporation)
[1] 2004-10-27 20:29:54 681984 C:\WINDOWS\$NtServicePackUninstall$\lsasrv.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 671744 C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll ()
[1] 2004-08-04 02:56:42 721920 C:\WINDOWS\$NtUninstallKB885835$\lsasrv.dll (Microsoft Corporation)
[1] 2004-03-29 20:48:36 667648 C:\WINDOWS\$NtUninstallKB885835_0$\lsasrv.dll (Microsoft Corporation)
[1] 2004-10-27 20:21:01 721920 C:\WINDOWS\$NtUninstallKB924270$\lsasrv.dll (Microsoft Corporation)
[1] 2006-08-17 07:28:27 721920 C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll (Microsoft Corporation)
[1] 2007-11-07 04:26:56 721920 C:\WINDOWS\$NtUninstallKB956572$\lsasrv.dll (Microsoft Corporation)
[1] 2009-02-09 05:20:34 723456 C:\WINDOWS\$NtUninstallKB968389$\lsasrv.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 721920 C:\WINDOWS\ServicePackFiles\i386\lsasrv.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 721920 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsasrv.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:56 728064 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsasrv.dll (Microsoft Corporation)
[1] 2009-06-25 03:44:41 724480 C:\WINDOWS\system32\dllcache\lsasrv.dll (Microsoft Corporation)
[1] 2009-06-25 03:44:41 724480 C:\WINDOWS\system32\lsasrv.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll

[1] 2007-03-08 10:48:36 40960 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\mf3216.dll (Microsoft Corporation)
[1] 2004-03-29 20:48:36 36864 C:\WINDOWS\$NtServicePackUninstall$\mf3216.dll (Microsoft Corporation)
[1] 2004-03-29 20:48:36 36864 C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll ()
[1] 2004-03-29 20:48:36 36864 C:\WINDOWS\$NtUninstallKB896424_0$\mf3216.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 35328 C:\WINDOWS\$NtUninstallKB912919_0$\mf3216.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 39936 C:\WINDOWS\$NtUninstallKB925902$\mf3216.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 39936 C:\WINDOWS\ServicePackFiles\i386\mf3216.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 39936 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mf3216.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:56 40960 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mf3216.dll (Microsoft Corporation)
[1] 2007-03-08 10:36:28 40960 C:\WINDOWS\system32\dllcache\mf3216.dll (Microsoft Corporation)
[1] 2007-03-08 10:36:28 40960 C:\WINDOWS\system32\mf3216.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll

[1] 2004-03-29 20:48:36 51712 C:\WINDOWS\$NtServicePackUninstall$\msasn1.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 51200 C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll ()
[1] 2004-08-04 02:56:42 57344 C:\WINDOWS\ServicePackFiles\i386\msasn1.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 57344 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\msasn1.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:58 57344 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msasn1.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 57344 C:\WINDOWS\system32\msasn1.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msgina.dll

[1] 2004-03-29 20:48:36 971264 C:\WINDOWS\$NtServicePackUninstall$\msgina.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 968192 C:\WINDOWS\$NtUninstallKB835732$\msgina.dll ()
[1] 2004-08-04 02:56:43 994304 C:\WINDOWS\ServicePackFiles\i386\msgina.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:43 994304 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\msgina.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:59 997376 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgina.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:43 994304 C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

[1] 2004-03-29 20:48:36 253952 C:\WINDOWS\$NtServicePackUninstall$\mst120.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 249856 C:\WINDOWS\$NtUninstallKB835732$\mst120.dll ()
[1] 2004-08-04 02:56:43 274432 C:\WINDOWS\ServicePackFiles\i386\mst120.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:43 274432 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mst120.dll (Microsoft Corporation)
[1] 2008-04-13 19:12:00 274432 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mst120.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll

[1] 2006-07-14 10:31:39 332288 C:\WINDOWS\$hf_mig$\KB921883\SP2GDR\netapi32.dll (Microsoft Corporation)
[1] 2006-07-14 10:41:56 336896 C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\netapi32.dll (Microsoft Corporation)
[1] 2006-08-17 07:37:49 337408 C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll (Microsoft Corporation)
[1] 2008-10-15 11:53:28 339456 C:\WINDOWS\$hf_mig$\KB958644\SP2QFE\netapi32.dll (Microsoft Corporation)
[1] 2008-10-15 11:34:24 337408 C:\WINDOWS\$hf_mig$\KB958644\SP3GDR\netapi32.dll (Microsoft Corporation)
[1] 2008-10-15 11:25:53 339456 C:\WINDOWS\$hf_mig$\KB958644\SP3QFE\netapi32.dll (Microsoft Corporation)
[1] 2006-07-14 10:53:28 307200 C:\WINDOWS\$NtServicePackUninstall$\netapi32.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 309248 C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll ()
[1] 2004-08-04 02:56:44 332288 C:\WINDOWS\$NtUninstallKB921883$\netapi32.dll (Microsoft Corporation)
[1] 2004-03-29 20:48:36 306176 C:\WINDOWS\$NtUninstallKB921883_0$\netapi32.dll (Microsoft Corporation)
[1] 2006-07-14 10:31:39 332288 C:\WINDOWS\$NtUninstallKB924270$\netapi32.dll (Microsoft Corporation)
[1] 2006-08-17 07:28:27 332288 C:\WINDOWS\$NtUninstallKB958644$\netapi32.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:44 332288 C:\WINDOWS\ServicePackFiles\i386\netapi32.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:44 332288 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netapi32.dll (Microsoft Corporation)
[1] 2008-04-13 19:12:01 337408 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netapi32.dll (Microsoft Corporation)
[1] 2008-10-15 11:57:55 332800 C:\WINDOWS\system32\dllcache\netapi32.dll (Microsoft Corporation)
[1] 2008-10-15 11:57:55 332800 C:\WINDOWS\system32\netapi32.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

[1] 2004-03-29 20:48:36 73728 C:\WINDOWS\$NtServicePackUninstall$\nmcom.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 69632 C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll ()
[1] 2004-08-04 02:56:44 77824 C:\WINDOWS\ServicePackFiles\i386\nmcom.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:44 77824 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\nmcom.dll (Microsoft Corporation)
[1] 2008-04-13 19:12:02 77824 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\nmcom.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

[1] 2004-03-29 20:48:36 548352 C:\WINDOWS\$NtServicePackUninstall$\rtcdll.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 548864 C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll ()
[1] 2004-08-04 02:56:59 991232 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\asms\52\msft\windows\net\rtcdll\rtcdll.dll (Microsoft Corporation)
[1] 2008-04-13 19:12:50 991232 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\52\msft\windows\net\rtcdll\rtcdll.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:59 991232 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

[1] 2007-04-25 15:32:22 144896 C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll (Microsoft Corporation)
[1] 2008-12-05 01:41:26 144896 C:\WINDOWS\$hf_mig$\KB960225\SP2QFE\schannel.dll (Microsoft Corporation)
[1] 2008-12-05 01:54:55 144896 C:\WINDOWS\$hf_mig$\KB960225\SP3GDR\schannel.dll (Microsoft Corporation)
[1] 2008-12-05 01:58:08 144896 C:\WINDOWS\$hf_mig$\KB960225\SP3QFE\schannel.dll (Microsoft Corporation)
[1] 2009-06-25 03:17:27 168448 C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\schannel.dll (Microsoft Corporation)
[1] 2009-06-25 03:25:26 147456 C:\WINDOWS\$hf_mig$\KB968389\SP3GDR\schannel.dll (Microsoft Corporation)
[1] 2009-06-25 03:41:11 147456 C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\schannel.dll (Microsoft Corporation)
[1] 2004-03-29 20:48:36 136704 C:\WINDOWS\$NtServicePackUninstall$\schannel.dll (Microsoft Corporation)
[1] 2002-08-29 15:00:00 136704 C:\WINDOWS\$NtUninstallKB835732$\schannel.dll ()
[1] 2004-08-04 02:56:44 144896 C:\WINDOWS\$NtUninstallKB935840$\schannel.dll (Microsoft Corporation)
[1] 2007-04-25 09:21:15 144896 C:\WINDOWS\$NtUninstallKB960225$\schannel.dll (Microsoft Corporation)
[1] 2008-12-05 02:12:45 144896 C:\WINDOWS\$NtUninstallKB968389$\schannel.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:44 144896 C:\WINDOWS\ServicePackFiles\i386\schannel.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:44 144896 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\schannel.dll (Microsoft Corporation)
[1] 2008-04-13 19:12:05 144384 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schannel.dll (Microsoft Corporation)
[1] 2009-06-25 03:44:41 168448 C:\WINDOWS\system32\dllcache\schannel.dll (Microsoft Corporation)
[1] 2009-06-25 03:44:41 168448 C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)

Found mount point : C:\WINDOWS\assembly\GAC\GAC
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP109.tmp\ZAP109.tmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D.tmp\ZAP1D.tmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA2.tmp\ZAPA2.tmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEE.tmp\ZAPEE.tmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\Managed
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\Microsoft .NET Framework 3.0
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH
Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe

[1] 2002-08-29 15:00:00 703488 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2004-08-04 02:56:50 743936 C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe ()
[1] 2004-08-04 02:56:50 743936 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)
[1] 2004-08-04 02:56:50 743936 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-13 19:12:21 744448 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\helpsvc.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\News\News
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\10\msft\windows\windows
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\52\msft\windows\net\net
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\60\msft\windows\common\common
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\70\msft\windows\windows
Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 13:34:54 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 13:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 13:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 13:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 16:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 16:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB901190\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920342\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB923191\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB924496\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB925720\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB925876\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB926247\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB928090\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB929969\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000
```
C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation) [1] 2007-12-03 10:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe 
(Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation) [1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation) [1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation) [1] 2007-11-30 
07:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation) [1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation) [1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation) [1] 2004-07-18 00:55:34 655872 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\update\update.exe (Microsoft Corporation) [1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\1d5cae1db1c525dbb30a9177294f0dcc\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe () [1] 2008-03-20 14:41:20 742192 C:\WINDOWS\SoftwareDistribution\Download\a49d784415582d2f98c84ceb0a75d898\update\update.exe (Microsoft Corporation) [1] 2008-07-08 08:02:04 
755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe () [1] 2007-08-10 22:46:20 755576 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:56 716000 C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:21 716000 C:\WINDOWS\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\update\update.exe (Microsoft Corporation) [1] 2005-06-28 11:24:52 716000 C:\WINDOWS\SoftwareDistribution\Download\f02c2828ce1a7e59faeaf4f021a92e1c\update\update.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe [1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation) [1] 2004-10-14 13:34:54 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation) [1] 2004-10-14 13:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation) [1] 2004-10-14 13:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation) [1] 2004-10-14 13:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation) [1] 2004-11-30 16:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation) [1] 2004-11-30 16:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 
718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB901190\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation) [1] 2005-02-24 22:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe 
(Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920342\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 
C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB923191\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation) [1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB924496\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB925720\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB925876\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB926247\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft 
Corporation) [1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB928090\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB929969\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 
C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 
C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation) [1] 2007-12-03 10:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe 
(Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation) [1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation) [1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation) [1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 
755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation) [1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation) [1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 
C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation) [1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation) [1] 2004-07-18 00:55:34 655872 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\update\update.exe (Microsoft Corporation) [1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\1d5cae1db1c525dbb30a9177294f0dcc\update\update.exe (Microsoft Corporation) [1] 2005-10-12 18:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation) [1] 2009-05-26 06:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe () [1] 2008-03-20 14:41:20 742192 C:\WINDOWS\SoftwareDistribution\Download\a49d784415582d2f98c84ceb0a75d898\update\update.exe (Microsoft Corporation) [1] 2008-07-08 08:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe () [1] 2007-08-10 22:46:20 755576 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\update\update.exe (Microsoft Corporation) [1] 2007-03-05 20:22:56 716000 C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\update\update.exe (Microsoft Corporation) [1] 2006-01-19 14:29:21 716000 C:\WINDOWS\SoftwareDistribution\Download\e7315ae76f5adc7c9afda4e7adacef1d\update\update.exe (Microsoft Corporation) [1] 2005-06-28 11:24:52 716000 C:\WINDOWS\SoftwareDistribution\Download\f02c2828ce1a7e59faeaf4f021a92e1c\update\update.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy Mount point destination : \Device\__max++>\^ Found mount point : 
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1025\1025 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1028\1028 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1031\1031 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1037\1037 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1041\1041 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1042\1042 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1054\1054 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\2052\2052 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3076\3076 Mount 
point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TempDir\TempDir
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\dumprep.exe
[1] 2002-08-29 15:00:00 9216 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)
[1] 2004-08-04 02:56:48 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)
[1] 2004-08-04 02:56:48 10752 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\dumprep.exe (Microsoft Corporation)
[1] 2008-04-13 19:12:18 10752 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\dumprep.exe (Microsoft Corporation)
[1] 2004-08-04 02:56:48 10752 C:\WINDOWS\system32\dumprep.exe ()
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2002-08-29 15:00:00 49152 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 55808 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 55808 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-04 02:56:42 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\MRT.exe
[1] 2009-08-28 14:38:22 24689600 C:\WINDOWS\system32\MRT.exe ()
Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\runtime\runtime
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\drivers\IA64\IA64
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\drivers\W32ALPHA\W32ALPHA
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\WPDNSE\WPDNSE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\~offfilt\~offfilt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\43594\43594
Mount point destination : \Device\__max++>\^
Finished!
#3
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home
Re: Max++ trying to take over the world....
Hello, and Welcome to TSF.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Run Win32kdiag using this command

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#4
Registered User
Join Date: Oct 2009
Posts: 27
OS: XP SP2
Re: Max++ trying to take over the world....
OK, thanks for your help. I am running Win32kDiag using your settings. I will post it when it is done.
Jay

Here it is...

Running from: C:\Documents and Settings\Jay\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Jay\Desktop\Win32kDiag.txt
Removing all found mount points. Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143
Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653
Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844
Found mount point : C:\WINDOWS\$hf_mig$\KB958690\KB958690
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB958690\KB958690
Found mount point : C:\WINDOWS\$hf_mig$\KB971961\KB971961
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB971961\KB971961
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323.tsp
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\h323.tsp
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
Cannot access: C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
Found mount point : C:\WINDOWS\assembly\GAC\GAC
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\GAC\GAC
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP109.tmp\ZAP109.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP109.tmp\ZAP109.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D.tmp\ZAP1D.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D.tmp\ZAP1D.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA2.tmp\ZAPA2.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA2.tmp\ZAPA2.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEE.tmp\ZAPEE.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEE.tmp\ZAPEE.tmp
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\temp\temp
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp\applets\applets
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp98\imejp98
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\Managed
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\Managed
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\trustlib\trustlib
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\Microsoft .NET Framework 3.0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\Microsoft .NET Framework 3.0
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo
Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp
Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\mui\mui
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH
Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
Attempting to restore permissions of : C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\News\News
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System\News\News
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PIF\PIF
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\10\msft\windows\windows
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\10\msft\windows\windows
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\52\msft\windows\net\net
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\52\msft\windows\net\net
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\60\msft\windows\common\common
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\60\msft\windows\common\common
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\70\msft\windows\windows
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\backup\asms\70\msft\windows\windows
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe
Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe
Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1025\1025
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1028\1028
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1031\1031
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1037\1037
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1041\1041
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1042\1042
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1054\1054
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\2052\2052
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\3076\3076
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Found mount point : C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TempDir\TempDir
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TempDir\TempDir
Found mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir
Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp
Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\dhcp\dhcp
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Cannot access: C:\WINDOWS\system32\dumprep.exe
Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe
Cannot access: C:\WINDOWS\system32\eventlog.dll
Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll
[1] 2002-08-29 15:00:00 49152 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 55808 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 55808 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-04 02:56:42 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\export\export
Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp
Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\inetsrv\inetsrv
Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF
Cannot access: C:\WINDOWS\system32\MRT.exe
Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe
Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\sample\sample
Found mount point : C:\WINDOWS\system32\runtime\runtime
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\runtime\runtime
Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Found mount point : C:\WINDOWS\system32\spool\drivers\IA64\IA64
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\spool\drivers\IA64\IA64
Found mount point : C:\WINDOWS\system32\spool\drivers\W32ALPHA\W32ALPHA
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\spool\drivers\W32ALPHA\W32ALPHA
Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp
Found mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\spool\drivers\WIN40\WIN40
Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\wins\wins
Found mount point : C:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\xircom\xircom
Found mount point : C:\WINDOWS\Temp\WPDNSE\WPDNSE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\WPDNSE\WPDNSE
Found mount point : C:\WINDOWS\Temp\~offfilt\~offfilt
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\~offfilt\~offfilt
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\43594\43594
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\43594\43594
Finished!

Last edited by jayhenson; 10-08-2009 at 04:31 PM. Reason: update
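A log this size is hard to read by eye, and the helper's next move depends on three things in it: how many folders were redirected to the rootkit's device object, whether they were all removed, and which blocked system files look tampered with (eventlog.dll above has a live copy of 61952 bytes with no readable version info, while every backup copy is 55808 or 49152 bytes and reports Microsoft Corporation). The script below is an added example, not code from the thread, from Win32kDiag or from its author: it parses the tool's output formats as they appear in the posts and prints that summary. It also reports redirected folders the tool did not remove, which is what a run without -f produces. The embedded sample log is constructed from the posted line formats; the device name `\Device\__max++>\^`, the paths and the byte sizes in it are copied from the thread.

```python
"""Triage helper for a Win32kDiag log.

Added example: not code from the thread, from Win32kDiag or from its author.
It parses the tool's output, tallies reparse points that redirect into the
rootkit's device object, and flags blocked system files whose live copy
looks tampered with compared to the backup copies the tool listed.
"""
import re
import sys

# Destination shown on every redirected folder in the thread's logs.
ROOTKIT_DEVICE = r"\Device\__max++>\^"

# One pattern per Win32kDiag line type (formats taken from the posted logs).
MOUNT_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
REMOVE_RE = re.compile(r"^Removing mount point : (.+)$")
ACCESS_RE = re.compile(r"^Cannot access: (.+)$")
# e.g. "[1] 2004-08-04 02:56:42 55808 C:\WINDOWS\system32\eventlog.dll ()"
COPY_RE = re.compile(
    r"^\[\d\] (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) (.+?) \((.*)\)$")

# Constructed sample in Win32kDiag's format (a shortened "-f -r" run).
SAMPLE_LOG = r"""Running from: C:\Documents and Settings\Jay\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Jay\Desktop\Win32kDiag.txt
Removing all found mount points. Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Found mount point : C:\WINDOWS\assembly\GAC\GAC
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\GAC\GAC
Cannot access: C:\WINDOWS\system32\eventlog.dll
Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll
[1] 2002-08-29 15:00:00 49152 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 55808 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 02:56:42 61952 C:\WINDOWS\system32\eventlog.dll ()
Cannot access: C:\WINDOWS\system32\MRT.exe
Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe
[1] 2009-08-28 14:38:22 24689600 C:\WINDOWS\system32\MRT.exe ()
Finished!
"""


def parse_win32kdiag(text):
    """Return (mount_points, blocked_files) from Win32kDiag output text."""
    mounts = []      # dicts with keys: path, dest, removed
    files = {}       # blocked path -> list of copies the tool listed for it
    mount = None     # mount point whose destination/removal lines follow
    blocked = None   # blocked file whose "[n]" copy lines follow
    for raw in text.splitlines():
        line = raw.strip()
        if m := MOUNT_RE.match(line):
            mount = {"path": m.group(1), "dest": None, "removed": False}
            mounts.append(mount)
        elif (m := DEST_RE.match(line)) and mount is not None:
            mount["dest"] = m.group(1)
        elif (m := REMOVE_RE.match(line)) and mount is not None:
            if m.group(1).lower() == mount["path"].lower():
                mount["removed"] = True
        elif m := ACCESS_RE.match(line):
            blocked = m.group(1)
            files.setdefault(blocked, [])
        elif (m := COPY_RE.match(line)) and blocked is not None:
            files[blocked].append(
                {"size": int(m.group(2)), "path": m.group(3), "company": m.group(4)})
    return mounts, files


def summarize(text):
    """Condense a log into the figures a helper wants to see first."""
    mounts, files = parse_win32kdiag(text)
    redirected = [m for m in mounts if m["dest"] == ROOTKIT_DEVICE]
    suspect = {}
    for path, copies in files.items():
        live = [c for c in copies if c["path"].lower() == path.lower()]
        backups = [c for c in copies if c["path"].lower() != path.lower()]
        if not live:
            continue  # the tool listed no copies, so there is nothing to compare
        reasons = []
        if live[0]["company"] == "":
            reasons.append("version info unreadable")
        if backups and live[0]["size"] not in {b["size"] for b in backups}:
            reasons.append(f"size {live[0]['size']} matches no backup copy")
        if reasons:
            suspect[path] = reasons
    return {
        "mount_points": len(mounts),
        "redirected": len(redirected),
        "not_removed": [m["path"] for m in redirected if not m["removed"]],
        "inaccessible": sorted(files),
        "suspect": suspect,
    }


if __name__ == "__main__":
    # Pass a saved Win32kDiag.txt as the first argument; otherwise the sample runs.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in summarize(text).items():
        print(f"{key}: {value}")
```

With no argument the script summarises its built-in sample; pointing it at a saved Win32kDiag.txt summarises a real run. An empty `not_removed` list after a -f -r run is the result the helper is looking for; anything still listed there, or any file in `suspect`, is what the next round of the fix has to deal with.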
#5
Registered User
Join Date: Oct 2009
Posts: 27
OS: XP SP2
Re: Max++ trying to take over the world....
Another quick note
When it boots up, it gives me two errors (these were 2 files that I deleted while engaged in battle with this demon malware). The errors were:

Error loading c:/windows/system32/dadiwewa.dll
Error loading c:/windows/system32/wefeyubi.dll

In case it was important....
Jay
#6
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home
Re: Max++ trying to take over the world....
Hi Jay, thanks for the info, those error messages should be resolved shortly.
Next steps....
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#7
Registered User
Join Date: Oct 2009
Posts: 27
OS: XP SP2
Re: Max++ trying to take over the world....
OK, here is the issue so far. ComboFix comes up with a warning box that AVG Anti-Virus Free is running. I don't have it installed. I cannot see in the services where it is even running and I don't know of any other way in XP to see if it is a process that I can just turn off. There is no indication in the notification area that AVG is running and after allowing the ComboFix program to continue running, it does nothing. No report except for a brief blue screen box that mentions something about grep. Any ideas? I am going to try and get more info from it.
Thanks
Jay

Additionally, ComboFix immediately comes back with a warning that it has detected rootkit activity and needs to reboot. It reboots, then nothing. I am back to square one with trying to run ComboFix again and it goes through the same sequence.... :(

Last edited by jayhenson; 10-09-2009 at 07:26 PM. Reason: more info
#8
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home
Re: Max++ trying to take over the world....
There are AVG drivers showing in the initial gmer log. Was AVG once installed, but you've since uninstalled it? It may still be registered with WMI. I think you can ignore that message if it's not fully installed.
Open Notepad and copy/paste the text in the quotebox below into it:

Quote:

It should look like this:

Double click on fix.bat & allow it to run.
Reboot the machine.

Locate these folders if present and delete them:
* C:\QooBox\LastRun
* C:\QooBox\BackEnv
* Existing copy of ComboFix

Download ComboFix once more, this time rename it to ComFx and run it.
#9
Registered User
Join Date: Oct 2009
Posts: 27
OS: XP SP2
Re: Max++ trying to take over the world....
It would seem that the wireless ability of my laptop has stopped working (a bit of a coincidence). I will use my other machine to d/l the new ComboFix and use a CD to transfer it over. Will post the log ASAP.

Jay
#10
Registered User
Join Date: Oct 2009
Posts: 27
OS: XP SP2
Re: Max++ trying to take over the world....
Ok, got it to finally run, go through its stages and then reboot.....no log file, or rather I do not know where to find the log file. It is not apparent on the desktop and a generic search is not turning it up. Any hints?

Peace
Jay

On another note, my wifi capabilities have returned.

Last edited by jayhenson; 10-11-2009 at 08:30 PM. Reason: more info
#11
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home
Re: Max++ trying to take over the world....
If ComboFix completed its run, the log produced should both open automatically and be located at C:\ComboFix.txt
If it's not there, there might be a partial log at C:\ComboFix\ComboFix.txt
#12
Registered User
Join Date: Oct 2009
Posts: 27
OS: XP SP2
This is the [very short] log file I found. ComboFix ran, went through all its stages, deleted a couple of dll files, informed me I had corrupted system files and tried to recover eventlog.dll. It then rebooted and, after I reselected my account, it continued and informed me that it would be writing a log file and to not disturb it. After about 10 minutes, no log file was forthcoming, so I went hunting for it. I looked in the folder that ComboFix was occupying and found a ComboFix text file, but it is very short and I am not at all sure this is what you wanted. But....

ComboFix 09-10-11.01 - Jay 10/12/2009 11:59:21.3.1 - NTFSx86
Running from: C:\Documents and Settings\Jay\Desktop\Combo-Fix.exe
.

That does not appear to really be a "log report" as I would expect. What next? Thank you for your patience and for just being there for us casual computer users.
#13
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home
Re: Max++ trying to take over the world....
Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

Post the contents of the logfile which will open.
#14
Registered User
Join Date: Oct 2009
Posts: 27
OS: XP SP2
Re: Max++ trying to take over the world....
Well, it would seem there is no such animal. I tried the above line in the Run box (C:\QooBox\ComboFix-quarantined-files.txt) and there was no file of that name. I opened Explorer and went searching for it, and there was no file available. Sorry this is being such a pain!

Peace
Jay
#15
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home
Re: Max++ trying to take over the world....
Boot the machine to Safe Mode with Networking.

Restart your computer and boot into Safe Mode with Networking by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode with Networking from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Run ComboFix once again, allow it to update if it requests you do so. Post the log when it completes.
#16
Registered User
Join Date: Oct 2009
Posts: 27
OS: XP SP2
Re: Max++ trying to take over the world....
Whew, finally!
Here is the log file

ComboFix 09-10-13.01 - Jay 10/13/2009 16:21.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.203 [GMT -5:00]
Running from: c:\documents and settings\Jay\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
.
---- Previous Run -------
.
c:\windows\system32\gipunowe.dll
c:\windows\system32\sobamehu.dll
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
-- Previous Run --
c:\windows\system32\eventlog.dll . . . is infected!!
--------
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.
2009-10-12 03:59 . 2002-08-15 15:11 151552 ----a-w- c:\windows\system32\HPConfig.exe
2009-10-12 03:59 . 2002-10-07 18:18 73728 ------w- c:\windows\system32\InstHpci.dll
2009-10-12 03:58 . 2002-07-17 17:09 14504 ----a-w- c:\windows\system32\drivers\hpci.sys
2009-10-12 03:57 . 2009-10-12 03:57 -------- d-----w- c:\program files\ATI Technologies
2009-10-12 03:00 . 2009-10-12 03:59 -------- d-----w- c:\program files\HPQ
2009-10-12 02:16 . 2009-10-12 02:16 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\Mozilla
2009-10-11 22:05 . 2009-10-12 01:54 -------- d-----w- C:\ComboFix-15171C
2009-10-06 17:22 . 2009-10-13 21:21 -------- d--h--w- c:\windows\PIF
2009-10-06 17:21 . 2009-10-06 17:22 -------- d-----w- c:\program files\a-squared HiJackFree
2009-10-06 17:18 . 2009-10-06 17:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-06 17:18 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 17:18 . 2009-10-06 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 17:18 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 17:18 . 2009-10-06 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 15:34 . 2009-10-06 15:36 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-06 15:16 . 2009-10-10 00:28 -------- d-----w- c:\documents and settings\Jay\Application Data\Reg Tool
2009-10-06 15:14 . 2009-10-13 21:26 -------- d-----w- c:\program files\Reg Tool
2009-10-06 15:09 . 2009-10-06 15:09 -------- d-----w- c:\documents and settings\Jay\Application Data\Apple Computer
2009-10-06 15:03 . 2009-10-06 15:05 -------- d-----w- c:\windows\system32\NtmsData
2009-10-06 14:49 . 2009-10-06 14:49 -------- d-----w- c:\documents and settings\Jay\Application Data\AT&T
2009-10-06 14:49 . 2009-10-06 15:09 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\Apple Computer
2009-10-06 14:48 . 2009-10-06 14:49 -------- d-----w- c:\documents and settings\Jay\Application Data\Sierra Wireless
2009-10-06 13:21 . 2009-10-06 13:21 128352 ----a-w- c:\windows\system32\2e92.dll
2009-10-06 13:21 . 2009-10-06 13:21 54624 ----a-w- c:\windows\system32\2e92.sys
2009-10-06 09:36 . 2009-10-06 09:36 128352 ----a-w- c:\windows\system32\5d820.dll
2009-10-06 09:36 . 2009-10-06 09:36 54624 ----a-w- c:\windows\system32\5d820.sys
2009-10-06 09:28 . 2009-10-06 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-06 09:25 . 2009-10-06 16:15 -------- d-----w- c:\program files\STOPzilla!
2009-10-06 09:25 . 2009-10-06 09:25 -------- d-----w- c:\program files\Common Files\iS3
2009-10-06 09:24 . 2009-10-06 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-06 08:21 . 2009-10-06 17:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-06 08:21 . 2009-10-06 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-06 06:40 . 2009-10-06 06:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2009-10-06 05:22 . 2009-10-06 05:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra Wireless
2009-10-06 05:20 . 2009-10-06 05:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-10-06 05:20 . 2009-10-06 05:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-10-06 04:38 . 2008-12-11 14:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-06 04:38 . 2009-08-24 20:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-06 04:38 . 2009-08-19 17:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-06 04:38 . 2009-10-06 04:39 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-06 04:38 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-06 04:38 . 2009-10-06 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-06 04:38 . 2009-10-06 08:24 -------- d-----w- c:\program files\Spyware Doctor
2009-10-06 04:38 . 2009-10-06 04:38 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-10-06 03:56 . 2009-10-06 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-06 03:56 . 2009-10-06 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-06 03:54 . 2009-10-06 03:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Bytemobile
2009-10-06 02:53 . 2009-07-22 22:44 197504 ----a-w- c:\windows\system32\drivers\swnc8u56.sys
2009-10-06 02:52 . 2009-07-22 22:44 148992 ----a-w- c:\windows\system32\drivers\swumx56.sys
2009-10-06 02:52 . 2009-10-06 02:52 -------- d-----w- c:\documents and settings\Owner\Application Data\AT&T
2009-10-06 02:50 . 2009-10-06 02:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\Bytemobile
2009-10-06 02:46 . 2009-10-06 02:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bytemobile
2009-10-06 02:46 . 2003-09-08 20:43 89728 ----a-w- c:\windows\system32\drivers\usbvsp.sys
2009-10-06 02:46 . 2009-10-06 02:46 -------- d-----w- c:\documents and settings\Owner\Application Data\DBUpdater
2009-10-06 02:45 . 2008-03-06 21:57 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2009-10-06 02:38 . 2009-01-14 20:20 28288 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2009-10-06 02:37 . 2007-01-18 16:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-10-06 02:34 . 2009-10-06 02:34 -------- d-----w- c:\program files\Common Files\Research in Motion
2009-10-06 02:34 . 2009-10-06 02:34 -------- d-----w- c:\program files\AT&T
2009-10-06 02:34 . 2009-10-06 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2009-10-06 02:32 . 2009-10-06 02:32 -------- d-----w- c:\program files\Option
2009-10-06 02:31 . 2009-10-06 02:31 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-10-06 02:28 . 2009-10-06 03:11 -------- d-----w- c:\program files\Sierra Wireless Inc
2009-10-06 02:28 . 2009-10-06 02:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Sierra Wireless
2009-10-05 22:30 . 2009-10-05 22:30 18211 ----a-w- c:\windows\xoqif.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 03:59 . 2007-05-03 17:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 14:46 . 2009-10-06 14:45 23912 ----a-w- c:\documents and settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-06 09:04 . 2002-08-29 20:00 15360 ----a-w- c:\windows\system32\taskman.exe
2009-10-06 08:32 . 2007-05-07 00:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-05 22:30 . 2009-10-05 22:30 10798 ----a-w- c:\program files\Common Files\atijage.lib
2009-10-05 22:30 . 2009-10-05 22:30 10046 ----a-w- c:\program files\Common Files\ixej.lib
2009-10-05 22:28 . 2009-09-02 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\12106724
2009-09-04 04:45 . 2009-06-04 04:45 49152 --sha-w- c:\windows\system32\zodatibo.dll
2009-09-04 04:45 . 2009-06-04 04:45 88064 --sha-w- c:\windows\system32\zelokore.dll
2009-09-02 21:08 . 2009-09-02 21:08 69120 ----a-w- c:\windows\system32\drivers\stipufyoijfdxvrt.sys
2009-09-02 21:08 . 2009-06-02 21:07 831524 --sha-w- c:\windows\system32\tuyubeva.exe
2009-08-31 00:03 . 2008-03-06 01:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-05 09:11 . 2002-08-29 20:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 04:39 . 2008-07-12 15:32 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-07-20 19:57 . 2009-07-20 19:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 19:56 . 2009-07-20 19:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 19:56 . 2009-07-20 19:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-17 18:55 . 2002-08-29 20:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-06-04 04:45 . 2009-06-04 04:45 49152 --sha-w- c:\windows\system32\zifutoro.dll
.
------- Sigcheck -------
[-] 2009-09-02 20:49 . 1EA0D969EC2A78C403B4A28D48FACE60 . 29184 . . [------] . . c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reg Tool"="c:\program files\Reg Tool\Reg Tool.exe" [2009-09-29 38290696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-03 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-03 692316]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-05-02 33280]
"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-08-14 562456]
"WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-08-14 62744]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 335872]
"TV Now"="c:\program files\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 282624]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/5/2009 11:38 PM 206256]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [4/30/2007 3:58 PM 26624]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2/17/2004 6:58 PM 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2/17/2004 6:59 PM 273536]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [3/26/2007 2:18 PM 20352]
S3 050B;050B;\??\c:\windows\system32\050B.sys --> c:\windows\system32\050B.sys [?]
S3 10710;10710;\??\c:\windows\system32\10710.sys --> c:\windows\system32\10710.sys [?]
S3 2a38;2a38;\??\c:\windows\system32\2a38.sys --> c:\windows\system32\2a38.sys [?]
S3 2e92;2e92;c:\windows\system32\2e92.sys [10/6/2009 8:21 AM 54624]
S3 2ef4;2ef4;\??\c:\windows\system32\2ef4.sys --> c:\windows\system32\2ef4.sys [?]
S3 2f17;2f17;\??\c:\windows\system32\2f17.sys --> c:\windows\system32\2f17.sys [?]
S3 529A;529A;\??\c:\windows\system32\529A.sys --> c:\windows\system32\529A.sys [?]
S3 5d820;5d820;c:\windows\system32\5d820.sys [10/6/2009 4:36 AM 54624]
S3 7973;7973;\??\c:\windows\system32\7973.sys --> c:\windows\system32\7973.sys [?]
S3 8366;8366;\??\c:\windows\system32\8366.sys --> c:\windows\system32\8366.sys [?]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [3/6/2008 5:10 PM 106496]
S3 b04C;b04C;\??\c:\windows\system32\b04C.sys --> c:\windows\system32\b04C.sys [?]
S3 bb2F;bb2F;\??\c:\windows\system32\bb2F.sys --> c:\windows\system32\bb2F.sys [?]
S3 c00E;c00E;\??\c:\windows\system32\c00E.sys --> c:\windows\system32\c00E.sys [?]
S3 ec92;ec92;\??\c:\windows\system32\ec92.sys --> c:\windows\system32\ec92.sys [?]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [8/14/2007 5:44 PM 23208]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [8/14/2007 5:44 PM 17448]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/5/2009 11:38 PM 348752]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [10/5/2009 9:53 PM 197504]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [10/5/2009 9:52 PM 148992]
S3 WinPhlash;WinPhlash;c:\swsetup\sp28200\PhlashNT.sys [3/5/2004 5:23 PM 21984]
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-09-02 c:\windows\Tasks\Norton Security Scan for Owner.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-16 00:02]

2009-10-13 c:\windows\Tasks\Reg Tool Scan.job
- c:\program files\Reg Tool\Reg Tool.exe [2009-09-29 15:30]

c:\windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
LSP: bmnet.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\poxcnprw.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-zojerobog - c:\windows\system32\wefeyubi.dll
HKLM-Run-pimuwifoho - c:\windows\system32\dadiwewa.dll
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
SharedTaskScheduler-{bef58eea-33c0-4650-8a23-399ac75189d0} - c:\windows\system32\wefeyubi.dll
SSODL-ripezilab-{bef58eea-33c0-4650-8a23-399ac75189d0} - c:\windows\system32\wefeyubi.dll
Notify-avgrsstarter - avgrsstx.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 16:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(840)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(3632)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bmwebcfg.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\HPConfig.exe
c:\program files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\windows\system32\snmp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-13 16:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 21:35

Pre-Run: 54,993,227,776 bytes free
Post-Run: 55,138,029,568 bytes free

263 --- E O F --- 2009-10-13 16:01
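Two sections of the ComboFix log above are worth reading mechanically rather than by eye. In the Drivers/Services list, fourteen S3 services with short hexadecimal names (050B, 10710, 2a38, 2e92, ...) point at .sys files directly under system32 rather than system32\drivers, and twelve of them are already missing (shown as "--> ... [?]"). Under the security center key, AntiVirusOverride, FirewallOverride and UpdatesDisableNotify are all set to 1, the values that stop Security Center from alerting on a missing antivirus, firewall or updates. The Python script below is an added example, not part of the thread and not ComboFix's own logic. It parses those two sections from a constructed sample whose lines are copied from the log, with one benign S3 entry ("abc1") added for contrast; the flagging rule (a random-looking hex name plus at least one more tell: missing image or driver outside the drivers directory) is my heuristic drawn from this log.

```python
import re

# Constructed sample: service lines and the Security Center key copied from the
# ComboFix log above, plus one benign S3 entry (abc1) made up here for contrast.
SAMPLE_LOG = "\n".join([
    r"R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/5/2009 11:38 PM 206256]",
    r"S3 050B;050B;\??\c:\windows\system32\050B.sys --> c:\windows\system32\050B.sys [?]",
    r"S3 2e92;2e92;c:\windows\system32\2e92.sys [10/6/2009 8:21 AM 54624]",
    r"S3 5d820;5d820;c:\windows\system32\5d820.sys [10/6/2009 4:36 AM 54624]",
    r"S3 b04C;b04C;\??\c:\windows\system32\b04C.sys --> c:\windows\system32\b04C.sys [?]",
    r"S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [8/14/2007 5:44 PM 23208]",
    r"S3 WinPhlash;WinPhlash;c:\swsetup\sp28200\PhlashNT.sys [3/5/2004 5:23 PM 21984]",
    r"S3 abc1;abc1 test;c:\windows\system32\drivers\abc1.sys [1/1/2009 1:00 PM 1024]",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]",
    r'"UpdatesDisableNotify"=dword:00000001',
    r'"AntiVirusOverride"=dword:00000001',
    r'"FirewallOverride"=dword:00000001',
])

# ComboFix service line: "<start> <name>;<display>;<image> [<date size>]" or,
# when the image is gone, "<image as registered> --> <resolved path> [?]".
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$")
HEX_NAME_RE = re.compile(r"^[0-9a-fA-F]{3,6}$")
SC_KEY = r"[hkey_local_machine\software\microsoft\security center]"
SC_VALUE_RE = re.compile(r'^"(\w+)"=dword:([0-9a-fA-F]{8})$')
SC_ALERT_VALUES = ("AntiVirusOverride", "FirewallOverride", "UpdatesDisableNotify")


def parse_services(text):
    """Turn each service line into a dict; the image path is the resolved one."""
    rows = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start, name, display, image, info = m.groups()
        path = image.split("-->")[-1].strip()
        if path.startswith("\\??\\"):      # strip the object-manager prefix
            path = path[4:]
        rows.append({"start": start, "name": name, "display": display,
                     "image": path, "missing": info.strip() == "?"})
    return rows


def looks_random_hex(name):
    """Short all-hex name with at least one digit (so afd, Fdc, Aec do not match)."""
    return bool(HEX_NAME_RE.match(name)) and any(c.isdigit() for c in name)


def driver_outside_drivers_dir(path):
    p = path.lower()
    return p.endswith(".sys") and "\\system32\\" in p and "\\system32\\drivers\\" not in p


def flag_services(text):
    """Return [(name, reasons)] for services matching the pattern seen in this log."""
    flagged = []
    for row in parse_services(text):
        reasons = []
        if looks_random_hex(row["name"]):
            reasons.append("random-hex-name")
        if driver_outside_drivers_dir(row["image"]):
            reasons.append("driver-outside-drivers-dir")
        if row["missing"]:
            reasons.append("image-missing")
        # a hex-looking name alone is not enough; require a second tell
        if "random-hex-name" in reasons and len(reasons) >= 2:
            flagged.append((row["name"], reasons))
    return flagged


def security_center_overrides(text):
    """Names of the Security Center alert-suppression values set to 1 under the key shown."""
    in_key, hits = False, []
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("["):
            in_key = s.lower() == SC_KEY
            continue
        m = SC_VALUE_RE.match(s) if in_key else None
        if m and m.group(1) in SC_ALERT_VALUES and int(m.group(2), 16) == 1:
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    for name, reasons in flag_services(SAMPLE_LOG):
        print("suspicious service %-8s %s" % (name, ", ".join(reasons)))
    print("Security Center overrides:", security_center_overrides(SAMPLE_LOG))
```

The missing-image entries are leftovers: each is a service registration whose driver has already been deleted (by the earlier cleanup attempts or by the malware itself), so on the next boot the service control manager has nothing to load. The two that still have files (2e92.sys and 5d820.sys, each with a matching .dll created the same minute) are the ones the later CFScript run in this thread zips and removes.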
#17
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home
Re: Max++ trying to take over the world....
Great, glad to see we're making some progress. We still have quite a bit of work to do here....
Please go to: VirusTotal
#18
Registered User
Join Date: Oct 2009
Posts: 27
OS: XP SP2
Re: Max++ trying to take over the world....
http://www.virustotal.com/analisis/9...7e2-1255471231
http://www.virustotal.com/analisis/0...509-1255471433
http://www.virustotal.com/analisis/7...39a-1255471613
http://www.virustotal.com/analisis/6...530-1255471738

I finally feel like we are getting somewhere!!

Peace
#19
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,618
OS: 2000 Pro; XP Pro; XP Home
Re: Max++ trying to take over the world....
Ok, next steps....

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.

Ensure that there aren't any opened browsers when you are carrying out the procedures below.

Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
#20
Registered User
Join Date: Oct 2009
Posts: 27
OS: XP SP2
Re: Max++ trying to take over the world....
The files were successfully uploaded and here is the log.
ComboFix 09-10-13.04 - Jay 10/14/2009 10:55.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.200 [GMT -5:00]
Running from: c:\documents and settings\Jay\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jay\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\program files\Common Files\atijage.lib"
"c:\program files\Common Files\ixej.lib"

file zipped: c:\windows\system32\drivers\stipufyoijfdxvrt.sys
file zipped: c:\windows\system32\tuyubeva.exe
file zipped: c:\windows\system32\zelokore.dll
file zipped: c:\windows\system32\zifutoro.dll
file zipped: c:\windows\system32\zodatibo.dll
file zipped: c:\windows\system32\2e92.dll
file zipped: c:\windows\system32\2e92.sys
file zipped: c:\windows\system32\5d820.dll
file zipped: c:\windows\system32\5d820.sys
file zipped: c:\windows\xoqif.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\12106724
c:\documents and settings\All Users\Application Data\12106724\12106724
c:\documents and settings\All Users\Application Data\12106724\pc12106724ins
c:\program files\Common Files\atijage.lib
c:\program files\Common Files\ixej.lib
c:\windows\system32\drivers\stipufyoijfdxvrt.sys
c:\windows\system32\tuyubeva.exe
c:\windows\system32\zelokore.dll
c:\windows\system32\zifutoro.dll
c:\windows\system32\zodatibo.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.
2009-10-12 03:59 . 2002-08-15 15:11 151552 ----a-w- c:\windows\system32\HPConfig.exe
2009-10-12 03:59 . 2002-10-07 18:18 73728 ------w- c:\windows\system32\InstHpci.dll
2009-10-12 03:58 . 2002-07-17 17:09 14504 ----a-w- c:\windows\system32\drivers\hpci.sys
2009-10-12 03:57 . 2009-10-12 03:57 -------- d-----w- c:\program files\ATI Technologies
2009-10-12 03:00 . 2009-10-12 03:59 -------- d-----w- c:\program files\HPQ
2009-10-12 02:16 . 2009-10-12 02:16 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\Mozilla
2009-10-11 22:05 . 2009-10-12 01:54 -------- d-----w- C:\ComboFix-15171C
2009-10-06 17:22 . 2009-10-13 21:21 -------- d--h--w- c:\windows\PIF
2009-10-06 17:21 . 2009-10-06 17:22 -------- d-----w- c:\program files\a-squ
ared HiJackFree
2009-10-06 17:18 . 2009-10-06 17:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-06 17:18 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 17:18 . 2009-10-06 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 17:18 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 17:18 . 2009-10-06 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 15:34 . 2009-10-06 15:36 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-06 15:16 . 2009-10-10 00:28 -------- d-----w- c:\documents and settings\Jay\Application Data\Reg Tool
2009-10-06 15:14 . 2009-10-14 16:00 -------- d-----w- c:\program files\Reg Tool
2009-10-06 15:09 . 2009-10-06 15:09 -------- d-----w- c:\documents and settings\Jay\Application Data\Apple Computer
2009-10-06 15:03 . 2009-10-06 15:05 -------- d-----w- c:\windows\system32\NtmsData
2009-10-06 14:49 . 2009-10-06 14:49 -------- d-----w- c:\documents and settings\Jay\Application Data\AT&T
2009-10-06 14:49 . 2009-10-06 15:09 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\Apple Computer
2009-10-06 14:48 . 2009-10-06 14:49 -------- d-----w- c:\documents and settings\Jay\Application Data\Sierra Wireless
2009-10-06 13:21 . 2009-10-06 13:21 128352 ----a-w- c:\windows\system32\2e92.dll
2009-10-06 13:21 . 2009-10-06 13:21 54624 ----a-w- c:\windows\system32\2e92.sys
2009-10-06 09:36 . 2009-10-06 09:36 128352 ----a-w- c:\windows\system32\5d820.dll
2009-10-06 09:36 . 2009-10-06 09:36 54624 ----a-w- c:\windows\system32\5d820.sys
2009-10-06 09:28 . 2009-10-06 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-06 09:25 . 2009-10-06 16:15 -------- d-----w- c:\program files\STOPzilla!
2009-10-06 09:25 . 2009-10-06 09:25 -------- d-----w- c:\program files\Common Files\iS3
2009-10-06 09:24 . 2009-10-06 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-06 08:21 . 2009-10-06 17:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-06 08:21 . 2009-10-06 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-06 06:40 . 2009-10-06 06:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2009-10-06 05:22 . 2009-10-06 05:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra Wireless
2009-10-06 05:20 . 2009-10-06 05:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-10-06 05:20 . 2009-10-06 05:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-10-06 04:38 . 2008-12-11 14:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-06 04:38 . 2009-08-24 20:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-06 04:38 . 2009-08-19 17:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-06 04:38 . 2009-10-06 04:39 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-06 04:38 . 2008-12-10 17:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-06 04:38 . 2009-10-06 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-06 04:38 . 2009-10-06 08:24 -------- d-----w- c:\program files\Spyware Doctor
2009-10-06 04:38 . 2009-10-06 04:38 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-10-06 03:56 . 2009-10-06 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-06 03:56 . 2009-10-06 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-06 03:54 . 2009-10-06 03:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Bytemobile
2009-10-06 02:53 . 2009-07-22 22:44 197504 ----a-w- c:\windows\system32\drivers\swnc8u56.sys
2009-10-06 02:52 . 2009-07-22 22:44 148992 ----a-w- c:\windows\system32\drivers\swumx56.sys
2009-10-06 02:52 . 2009-10-06 02:52 -------- d-----w- c:\documents and settings\Owner\Application Data\AT&T
2009-10-06 02:50 . 2009-10-06 02:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\Bytemobile
2009-10-06 02:46 . 2009-10-06 02:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bytemobile
2009-10-06 02:46 . 2003-09-08 20:43 89728 ----a-w- c:\windows\system32\drivers\usbvsp.sys
2009-10-06 02:46 . 2009-10-06 02:46 -------- d-----w- c:\documents and settings\Owner\Application Data\DBUpdater
2009-10-06 02:45 . 2008-03-06 21:57 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2009-10-06 02:38 . 2009-01-14 20:20 28288 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2009-10-06 02:37 . 2007-01-18 16:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-10-06 02:34 . 2009-10-06 02:34 -------- d-----w- c:\program files\Common Files\Research in Motion
2009-10-06 02:34 . 2009-10-06 02:34 -------- d-----w- c:\program files\AT&T
2009-10-06 02:34 . 2009-10-06 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2009-10-06 02:32 . 2009-10-06 02:32 -------- d-----w- c:\program files\Option
2009-10-06 02:31 . 2009-10-06 02:31 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-10-06 02:28 . 2009-10-06 03:11 -------- d-----w- c:\program files\Sierra Wireless Inc
2009-10-06 02:28 . 2009-10-06 02:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Sierra Wireless
2009-10-05 22:30 . 2009-10-05 22:30 18211 ----a-w- c:\windows\xoqif.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 03:59 . 2007-05-03 17:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 14:46 . 2009-10-06 14:45 23912 ----a-w- c:\documents and settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-06 09:04 . 2002-08-29 20:00 15360 ----a-w- c:\windows\system32\taskman.exe
2009-10-06 08:32 . 2007-05-07 00:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-31 00:03 . 2008-03-06 01:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-05 09:11 . 2002-08-29 20:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 04:39 . 2008-07-12 15:32 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-07-20 19:57 . 2009-07-20 19:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 19:56 . 2009-07-20 19:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 19:56 . 2009-07-20 19:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-17 18:55 . 2002-08-29 20:00 58880 ----a-w- c:\windows\system32\atl.dll
.
------- Sigcheck -------
[-] 2009-09-02 20:49 . 1EA0D969EC2A78C403B4A28D48FACE60 . 29184 . . [------] . . c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-10-13_21.31.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-14 15:47 . 2009-10-14 15:47 16384 c:\windows\temp\Perflib_Perfdata_1dc.dat
+ 2002-08-29 20:00 . 2009-10-14 15:51 53006 c:\windows\system32\perfc009.dat
- 2002-08-29 20:00 .
2009-10-13 21:21 53006 c:\windows\system32\perfc009.dat + 2002-08-29 20:00 . 2009-10-14 15:51 340168 c:\windows\system32\perfh009.dat - 2002-08-29 20:00 . 2009-10-13 21:21 340168 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Reg Tool"="c:\program files\Reg Tool\Reg Tool.exe" [2009-09-29 38290696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-03 102492] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-03 692316] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-05-02 33280] "TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-08-14 562456] "WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-08-14 62744] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 335872] "TV Now"="c:\program files\HPQ\Notebook Utilities\TvNow.exe" [2003-01-30 282624] "Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start 
Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds.exe"= "c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/5/2009 11:38 PM 206256] R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328] R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\alifir.sys [4/30/2007 3:58 PM 26624] R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [2/17/2004 6:58 PM 292352] R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2/17/2004 6:59 PM 273536] R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [3/26/2007 2:18 PM 20352] S3 050B;050B;\??\c:\windows\system32\050B.sys --> c:\windows\system32\050B.sys [?] S3 10710;10710;\??\c:\windows\system32\10710.sys --> c:\windows\system32\10710.sys [?] S3 2a38;2a38;\??\c:\windows\system32\2a38.sys --> c:\windows\system32\2a38.sys [?] S3 2e92;2e92;c:\windows\system32\2e92.sys [10/6/2009 8:21 AM 54624] S3 2ef4;2ef4;\??\c:\windows\system32\2ef4.sys --> c:\windows\system32\2ef4.sys [?] S3 2f17;2f17;\??\c:\windows\system32\2f17.sys --> c:\windows\system32\2f17.sys [?] 
S3 529A;529A;\??\c:\windows\system32\529A.sys --> c:\windows\system32\529A.sys [?] S3 5d820;5d820;c:\windows\system32\5d820.sys [10/6/2009 4:36 AM 54624] S3 7973;7973;\??\c:\windows\system32\7973.sys --> c:\windows\system32\7973.sys [?] S3 8366;8366;\??\c:\windows\system32\8366.sys --> c:\windows\system32\8366.sys [?] S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [3/6/2008 5:10 PM 106496] S3 b04C;b04C;\??\c:\windows\system32\b04C.sys --> c:\windows\system32\b04C.sys [?] S3 bb2F;bb2F;\??\c:\windows\system32\bb2F.sys --> c:\windows\system32\bb2F.sys [?] S3 c00E;c00E;\??\c:\windows\system32\c00E.sys --> c:\windows\system32\c00E.sys [?] S3 ec92;ec92;\??\c:\windows\system32\ec92.sys --> c:\windows\system32\ec92.sys [?] S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [8/14/2007 5:44 PM 23208] S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [8/14/2007 5:44 PM 17448] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/5/2009 11:38 PM 348752] S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [10/5/2009 9:53 PM 197504] S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [10/5/2009 9:52 PM 148992] S3 WinPhlash;WinPhlash;c:\swsetup\sp28200\PhlashNT.sys [3/5/2004 5:23 PM 21984] . Contents of the 'Scheduled Tasks' folder 2009-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2009-09-02 c:\windows\Tasks\Norton Security Scan for Owner.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-16 00:02] . . ------- Supplementary Scan ------- . 
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.google.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll LSP: bmnet.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\poxcnprw.default\ FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-14 11:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(836) c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll c:\windows\system32\bmnet.dll . Completion time: 2009-10-14 11:04 ComboFix-quarantined-files.txt 2009-10-14 16:04 ComboFix2.txt 2009-10-13 21:35 Pre-Run: 55,140,515,840 bytes free Post-Run: 55,099,871,232 bytes free 238 --- E O F --- 2009-10-13 16:01 Upload was successful Thanks again and I am feeling more optimistic with every step