Jump to content

Help123

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

 Content Type 

Everything posted by Help123

  1. Help123
    Combo fix has been removed. Thanks for the help Subs. Your a life saver!!!
  2. Help123
    I received a message that said 'deleted successfully' and then 'press any key to continue'. No log file was generated as far as I can tell.
  3. Help123
    It worked after I renamed to iexplore.exe **************************************** ComboFix 09-08-28.06 - M 08/29/2009 15:15.1.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.706 [GMT -4:00] Running from: c:\documents and settings\M\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\M\LOCALS~1\Temp\1.wmv C:\install.exe c:\recycler\S-1-5-21-2000478354-57989841-682003330-1003 c:\recycler\S-1-5-21-3326566850-1967322273-1917738269-1003 c:\recycler\S-1-5-21-4151702696-3272552572-3998422218-1003 c:\windows\Installer\11666c.msi c:\windows\Installer\WinRMSrv.msi c:\windows\msa.exe c:\windows\run.log c:\windows\system32\drivers\kbiwkmrdmftqgw.sys c:\windows\system32\drivers\UACjklthvdqer.sys c:\windows\system32\kbiwkmdofvbcvn.dat c:\windows\system32\kbiwkmlgibyeyo.dll c:\windows\system32\kbiwkmtjdcnjnr.dll c:\windows\system32\kbiwkmwrmjfcne.dat c:\windows\system32\uacinit.dll c:\windows\system32\UACnqfeglledp.dll c:\windows\system32\UACoaglclkilt.dll c:\windows\system32\UACsmjpmiwwoy.dll c:\windows\system32\UACtlcaiuveqd.dat c:\windows\system32\UACvkhcxrqqrg.db c:\windows\system32\UACxjaoemigxy.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_kbiwkmsargompx -------\Legacy_kbiwkmsargompx -------\Service_UACd.sys -------\Legacy_UACd.sys -------\Legacy_OREANS32 -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} -------\Service_oreans32 ((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 ))))))))))))))))))))))))))))))) . 2009-08-29 18:52 . 2009-08-29 18:52 262144 ----a-w- C:\ntuser.dat 2009-08-28 18:37 . 2009-08-28 18:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} 2009-08-28 17:58 . 2009-08-28 17:58 -------- d-----w- C:\!KillBox 2009-08-28 17:36 . 2009-08-28 17:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2009-08-28 16:44 . 2009-08-28 16:44 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee.com Personal Firewall 2009-08-28 16:41 . 2009-08-28 16:41 -------- d-----w- c:\program files\Trend Micro 2009-08-28 15:20 . 2009-08-28 15:20 -------- d-----w- C:\spoolerlogs 2009-08-12 07:00 . 2009-08-12 07:00 -------- d-----w- c:\windows\ServicePackFiles 2009-08-07 00:41 . 2009-08-07 00:41 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-07 00:41 . 2009-08-07 00:41 -------- d-----w- c:\program files\MSBuild 2009-08-07 00:41 . 2009-08-07 00:41 -------- d-----w- c:\program files\Reference Assemblies 2009-08-07 00:41 . 2009-08-07 00:41 -------- d-----w- C:\8d0248e08735649a85e9cbfae637 2009-08-07 00:41 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-07 00:41 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-07 00:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-07 00:41 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-07 00:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-07 00:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-07 00:41 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-07 00:40 . 2009-08-29 18:32 -------- d-----w- c:\windows\SxsCaPendDel 2009-08-06 07:00 . 2009-08-06 23:00 -------- d-----w- C:\7d93dac6de1cf63ae86da41e0049 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-22 04:00 . 2006-05-29 13:56 56320 ----a-w- c:\windows\gendel32.exe 2009-08-29 19:33 . 2006-01-15 17:04 -------- d-----w- c:\documents and settings\M\Application Data\OpenOffice.org2 2009-08-29 19:32 . 2006-07-15 17:52 -------- d-----w- c:\documents and settings\M\Application Data\yahoo! 2009-08-29 18:52 . 2007-11-14 23:46 495448 ------w- c:\documents and settings\All Users\Application Data\yahoo!\SearchProtection\fudogsetupUS.exe 2009-08-07 01:15 . 2006-01-14 00:17 14696 ----a-w- c:\documents and settings\M\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-05 09:11 . 2005-02-01 20:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 01:51 . 2006-01-09 20:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-17 18:55 . 2005-02-01 20:30 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2005-02-01 20:30 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-29 16:12 . 2005-02-01 20:30 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2005-02-01 20:30 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2005-02-01 20:30 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-16 14:55 . 2005-02-01 20:30 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:55 . 2005-02-01 20:30 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 01:57 . 2008-12-09 00:53 10134 ----a-r- c:\documents and settings\M\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe 2009-06-12 11:50 . 2005-02-01 20:30 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:21 . 2005-02-01 20:30 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:32 . 2005-02-01 20:30 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 07:42 . 2005-02-25 22:25 655872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:27 . 2005-02-01 20:30 1290752 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "PlayNC Launcher"="c:\program files\NCSoft\Launcher\NCLauncher.exe" [2007-04-17 38392] "Eraser"="c:\program files\Eraser\eraser.exe" [2007-07-28 277328] "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-03-05 942080] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-13 1450096] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975] "VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552] "VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840] "OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248] "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104] "MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992] "MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096] "MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592] "MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280] "OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304] "WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "Ptipbmf"="ptipbmf.dll" - c:\windows\system32\ptipbmf.dll [2003-06-20 118784] "ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2003-12-18 106496] "PtiuPbmd"="ptipbm.dll" - c:\windows\system32\ptipbm.dll [2003-01-16 24576] c:\documents and settings\M\Start Menu\Programs\Startup\ OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-8-11 757760] Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Alien Arena 2007\\crx.exe"= "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"= "c:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"= "c:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"= "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"= "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"= "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"= "c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"= "c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"= "c:\\Program Files\\Steam\\steam.exe"= "c:\\Program Files\\Steam\\SteamApps\\afterimage999\\team fortress 2\\hl2.exe"= "c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"= "c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/19/2009 1:50 PM 64160] R0 Si3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2/25/2005 6:39 PM 97920] R0 SiSRaid1;SiSRaid1;c:\windows\system32\drivers\SiSRaid1.sys [2/25/2005 6:39 PM 45568] R0 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [2/25/2005 6:39 PM 29184] R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2/25/2005 6:39 PM 77056] R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [1/26/2005 12:47 PM 65604] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 951632] S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [11/1/2004 3:16 PM 17536] S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [8/4/2006 10:09 AM 201728] . Contents of the 'Scheduled Tasks' folder 2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . - - - - ORPHANS REMOVED - - - - URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) URLSearchHooks-~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) HKCU-Run-SpySweeper - (no file) HKLM-Run-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: EarthLink Google Search - c:\program files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm LSP: c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll FF - ProfilePath - c:\documents and settings\M\Application Data\Mozilla\Firefox\Profiles\834b94jv.default\ FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-29 15:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2723945472-704956312-1949861602-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0] "Percents"="0 0.1142 0.2327 0.467 0.8519 0.901 0.9069 " "Increment"=".003472" "FRT"="Ez84kg4HqHEfaG98RD7w4omnHPUFMw1ZKDGsj+tJCiM2hddAY2WTqQ==" "PLCK"="Sw4RiTt2QPwQVqB7b0NjsdpZT8M/XHun" "PHSH"="" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(720) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(776) c:\program files\EarthLink TotalAccess\Accelerator\prplsf.dll - - - - - - - > 'explorer.exe'(572) c:\windows\system32\WININET.dll c:\docume~1\M\LOCALS~1\Temp\IadHide5.dll c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\progra~1\mcafee.com\vso\McVSSkt.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Ahead\InCD\incdsrv.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\progra~1\McAfee.com\VSO\McVSEscn.exe c:\windows\system32\drivers\KodakCCS.exe c:\program files\Java\jre1.5.0_03\bin\jucheck.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\McAfee.com\Agent\Mcdetect.exe c:\progra~1\McAfee.com\Agent\McTskshd.exe c:\program files\OpenOffice.org 2.0\program\soffice.exe c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe c:\program files\OpenOffice.org 2.0\program\soffice.bin c:\progra~1\McAfee.com\VSO\mcvsftsn.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\progra~1\McAfee.com\PERSON~1\MpfService.exe c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe c:\program files\iPod\bin\iPodService.exe c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe . ************************************************************************** . Completion time: 2009-08-29 15:52 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-29 19:52 Pre-Run: 25,611,345,920 bytes free Post-Run: 32,698,802,176 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 278 --- E O F --- 2009-08-27 07:00 ************************************************
  4. Help123
    The Combofix exe does not run from my desktop. After clicking 'run' on the security warning box, I get an hour glass cursor for a few seconds then nothing
  5. Help123
    From running the fix.bat file: ********************************** Log file is located at: C:\Documents and Settings\M\Desktop\Win32kDiag.txt Removing all found mount points. Attempting to reset file permissions. WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168 Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729 Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460 Found mount point : C:\WINDOWS\addins\addins Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\addins\addins Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP107.tmp\ZAP107.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP107.tmp\ZAP107.tmp Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP317.tmp\ZAP317.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP317.tmp\ZAP317.tmp Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB14.tmp\ZAPB14.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB14.tmp\ZAPB14.tmp Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB36.tmp\ZAPB36.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB36.tmp\ZAPB36.tmp Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB73.tmp\ZAPB73.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB73.tmp\ZAPB73.tmp Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\tmp\tmp Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Config\Config Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Found mount point : C:\WINDOWS\Debug\UserMode\UserMode Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\chsime\applets\applets Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imejp\applets\applets Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imejp98\imejp98 Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\shared\res\res Found mount point : C:\WINDOWS\InCD\InCD Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\InCD\InCD Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\classes\classes Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\trustlib\trustlib Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp Found mount point : C:\WINDOWS\mui\mui Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\mui\mui Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe [1] 2004-08-04 08:00:00 743936 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe (Microsoft Corporation) [1] 2008-04-13 20:12:21 744448 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\helpsvc.exe (Microsoft Corporation) [1] 2004-08-04 08:00:00 743936 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\System\News\News Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Found mount point : C:\WINDOWS\PIF\PIF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PIF\PIF Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70 Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Found mount point : C:\WINDOWS\system32\1025\1025 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1025\1025 Found mount point : C:\WINDOWS\system32\1028\1028 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1028\1028 Found mount point : C:\WINDOWS\system32\1031\1031 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1031\1031 Found mount point : C:\WINDOWS\system32\1037\1037 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1037\1037 Found mount point : C:\WINDOWS\system32\1041\1041 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1041\1041 Found mount point : C:\WINDOWS\system32\1042\1042 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1042\1042 Found mount point : C:\WINDOWS\system32\1054\1054 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1054\1054 Found mount point : C:\WINDOWS\system32\2052\2052 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\2052\2052 Found mount point : C:\WINDOWS\system32\3076\3076 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\3076\3076 Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\ATI\ACE\ACE Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\ATI\ACE\ACE Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\CyberLink\PowerCinema\PowerCinema Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\CyberLink\PowerCinema\PowerCinema Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{7757593D-2048-48CF-BE56-1366F48FB294}\{7757593D-2048-48CF-BE56-1366F48FB294} Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{7757593D-2048-48CF-BE56-1366F48FB294}\{7757593D-2048-48CF-BE56-1366F48FB294} Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\Transcoded Files Cache\Transcoded Files Cache Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\Transcoded Files Cache\Transcoded Files Cache Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Found mount point : C:\WINDOWS\system32\config\systemprofile\UserData\01KP8ROX\01KP8ROX Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\UserData\01KP8ROX\01KP8ROX Found mount point : C:\WINDOWS\system32\config\systemprofile\UserData\GZM52PMN\GZM52PMN Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\UserData\GZM52PMN\GZM52PMN Found mount point : C:\WINDOWS\system32\config\systemprofile\UserData\WFCLIFO3\WFCLIFO3 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\UserData\WFCLIFO3\WFCLIFO3 Found mount point : C:\WINDOWS\system32\config\systemprofile\UserData\YRE12ZM1\YRE12ZM1 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\UserData\YRE12ZM1\YRE12ZM1 Found mount point : C:\WINDOWS\system32\dhcp\dhcp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\dhcp\dhcp Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn Cannot access: C:\WINDOWS\system32\dumprep.exe Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe [1] 2008-04-13 20:12:18 10752 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\dumprep.exe (Microsoft Corporation) [1] 2004-08-04 08:00:00 10752 C:\WINDOWS\system32\dllcache\dumprep.exe (Microsoft Corporation) [1] 2004-08-04 08:00:00 10752 C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\system32\export\export Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\export\export Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\inetsrv\inetsrv Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\DswMedia\DswMedia Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\DswMedia\DswMedia Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\Prefs\Prefs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\Prefs\Prefs Found mount point : C:\WINDOWS\system32\Macromed\update\update Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\Macromed\update\update Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Found mount point : C:\WINDOWS\system32\oobe\sample\sample Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\sample\sample Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Found mount point : C:\WINDOWS\system32\wbem\mof\good\good Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp Found mount point : C:\WINDOWS\system32\wins\wins Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wins\wins Found mount point : C:\WINDOWS\system32\xircom\xircom Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\xircom\xircom Found mount point : C:\WINDOWS\Temp\MCA12.tmp\tempinst\vsodat_cab\vsodat_cab Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\MCA12.tmp\tempinst\vsodat_cab\vsodat_cab Found mount point : C:\WINDOWS\Temp\MCA140.tmp\MCA140.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\MCA140.tmp\MCA140.tmp Found mount point : C:\WINDOWS\Temp\MCA23.tmp\MCA23.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\MCA23.tmp\MCA23.tmp Found mount point : C:\WINDOWS\Temp\MCQTFILE00000\MCQTFILE00000 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\MCQTFILE00000\MCQTFILE00000 Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Finished! ***************************************
  6. Help123
    Here is the avenger log: ********************************** Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully. Completed script processing. ******************* Finished! Terminate. ****************************
  7. Help123
    ********************************** Log file is located at: C:\Documents and Settings\M\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\addins\addins Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP107.tmp\ZAP107.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP317.tmp\ZAP317.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB14.tmp\ZAPB14.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB36.tmp\ZAPB36.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB73.tmp\ZAPB73.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Debug\UserMode\UserMode Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\InCD\InCD Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\mui\mui Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe [1] 2004-08-04 08:00:00 743936 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe () [1] 2008-04-13 20:12:21 744448 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\helpsvc.exe (Microsoft Corporation) [1] 2004-08-04 08:00:00 743936 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PIF\PIF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policy Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1025\1025 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1028\1028 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1031\1031 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1037\1037 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1041\1041 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1042\1042 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1054\1054 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\2052\2052 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3076\3076 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\ATI\ACE\ACE Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\CyberLink\PowerCinema\PowerCinema Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{7757593D-2048-48CF-BE56-1366F48FB294}\{7757593D-2048-48CF-BE56-1366F48FB294} Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\Transcoded Files Cache\Transcoded Files Cache Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\UserData\01KP8ROX\01KP8ROX Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\UserData\GZM52PMN\GZM52PMN Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\UserData\WFCLIFO3\WFCLIFO3 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\UserData\YRE12ZM1\YRE12ZM1 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\dhcp\dhcp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\dumprep.exe [1] 2008-04-13 20:12:18 10752 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\dumprep.exe (Microsoft Corporation) [1] 2004-08-04 08:00:00 10752 C:\WINDOWS\system32\dllcache\dumprep.exe (Microsoft Corporation) [1] 2004-08-04 08:00:00 10752 C:\WINDOWS\system32\dumprep.exe () Cannot access: C:\WINDOWS\system32\eventlog.dll [1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation) [1] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation) [1] 2004-08-04 08:00:00 62976 C:\WINDOWS\system32\eventlog.dll () [2] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) Found mount point : C:\WINDOWS\system32\export\export Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\DswMedia\DswMedia Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\Prefs\Prefs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\Macromed\update\update Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\sample\sample Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\good\good Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wins\wins Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\xircom\xircom Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\MCA12.tmp\tempinst\vsodat_cab\vsodat_cab Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\MCA140.tmp\MCA140.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\MCA23.tmp\MCA23.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\MCQTFILE00000\MCQTFILE00000 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Mount point destination : \Device\__max++>\^ Finished! **********************************************************
  8. Help123
    Hello, My computer became infected yesterday with some malware initially created some windows giving fake anti-virus warnings. After the infection, my free version of adaware would not run. I was able to initially run the HijackThis executable but the program is forced to close in mid scan. I download MBAM but cannot install it. I have tried to run the programs in saftemode and safemode with networking but no luck. Sometimes I get an error message saying "windows can not access the specifed device, path or file. you may not have the appropriate permissions to access the item". Other times the programs just fail to run without message. Any help is greatly appreciated.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.