SREngLOG...browser redirects, antispyware programs wouldn't run


  • This topic is locked
50 replies to this topic

#1 funkecrates


Posted 13 September 2009 - 12:44 PM

Hello, I am having issues w/ my computer. Whenever I attempt to do a search I am redirected to either btcar.com, asklots.com, etc. I attempted to run McAfee and I saw the following message: "Windows cannot access the specified device path or file. You may not have appropriate permissions to access the item. Cannot access the specified device path or file." I attempted to follow the prep guide but I couldn't get DDS to run. Any help that can be provided will be greatly appreciated. So here is the SREngLog:

2009-09-13,13:32:28

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Monopod><C:\DOCUME~1\COOPRO~1.L09\LOCALS~1\Temp\a.exe>  [File is missing]
	<ISUSPM><"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler>  [(Verified)Macrovision Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<WavXMgr><C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe>  [Wave Systems Corp.]
	<USCService><C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe>  [Broadcom Corporation]
	<SysTrayApp><%ProgramFiles%\IDT\WDM\sttray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Synchronization Manager><%SystemRoot%\system32\mobsync.exe /logon>  [(Verified)Microsoft Windows Component Publisher]
	<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<SSBkgdUpdate><"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot>  [Scansoft, Inc.]
	<ShStatEXE><"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE>  [(Verified)"McAfee, Inc."]
	<SecureUpgrade><"C:\Program Files\Wave Systems Corp\SecureUpgrade.exe">  [(Verified)Wave Systems Corp.]
	<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]
	<Persistence><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<PDVDDXSrv><"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe">  [(Verified)CyberLink]
	<PaperPort PTD><C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe>  [ScanSoft, Inc.]
	<OrderReminder><C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe>  [Hewlett-Packard]
	<McAfeeUpdaterUI><"C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey>  [(Verified)"McAfee, Inc."]
	<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
	<IndexSearch><C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe>  [ScanSoft, Inc.]
	<IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<IAAnotif><C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe>  [(Verified)Intel Corporation]
	<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<EmbassySecurityCheck><"C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe">  [(Verified)Wave Systems Corp.]
	<DellControlPoint><"C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe">  [Dell Inc.]
	<DellConnectionManager><"C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe">  [Smith Micro Software, Inc.]
	<ControlCenter3><C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun>  [Brother Industries, Ltd.]
	<ChangeTPMAuth><C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12>  [Wave Systems Corp.]
	<BrMfcWnd><C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN>  []
	<AppMgrGui><C:\Program Files\AppStream\WindowsClient\Bin\exeForService.exe>  [Appstream Inc.]
	<AppleSyncNotifier><C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe>  [(Verified)Apple Inc.]
	<Apoint><C:\Program Files\DellTPad\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<AESTFltr><%SystemRoot%\system32\AESTFltr.exe /NoDlg>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{56F9679E-7826-4C84-81F3-532071A8BCC5}><C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll>  [Microsoft Corporation]
	<{2D0C3614-D550-4b6b-BF80-D83C4544D6AE}><C:\Program Files\AppStream\WindowsClient\bin\ShExecHook.dll>  [Appstream Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
	<SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
	<UPnPMonitor><C:\WINDOWS\system32\upnpui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
	<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
	<WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
	<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
	<SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
Startup Folders
[Bluetooth]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk --> C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [Broadcom Corporation.]><N>
[Dell ControlPoint System Manager]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk --> C:\PROGRA~1\Dell\DELLCO~2\SYSTEM~2\DCPSYS~1.EXE [Dell Inc.]><N>
[Device Detector 3]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk --> C:\PROGRA~1\Olympus\DEVICE~1\DevDtct2.exe [OLYMPUS IMAGING CORP.]><N>
[Directrec Configuration Tool]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk --> C:\PROGRA~1\Olympus\DEVICE~1\DIRECT~1.EXE [OLYMPUS IMAGING CORP.]><N>
[Windows Search]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk --> C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [Microsoft Corporation]><N>

==================================
Services
[Adobe Active File Monitor V7 / AdobeActiveFileMonitor7.0][Running/Auto Start]
  <C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe><Adobe Systems Incorporated>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[AWE 5.2.2 Application Manager / AppMgrService][Running/Auto Start]
  <C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe><AppStream Inc.>
[AuthenTec Fingerprint Service / ATService][Running/Auto Start]
  <C:\Program Files\Fingerprint Sensor\AtService.exe><AuthenTec, Inc.>
[Bonjour Service / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[Broadcom Management Agent / BrcmMgmtAgent][Stopped/Auto Start]
  <"C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service><N/A>
[Bluetooth Service / btwdins][Running/Auto Start]
  <C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe><Broadcom Corporation.>
[Dell ControlPoint Button Service / buttonsvc32][Stopped/Auto Start]
  <"C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe"><Dell Inc.>
[Dell ControlPoint System Manager / dcpsysmgrsvc][Stopped/Auto Start]
  <"C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe"><Dell Inc.>
[DM1Service / DM1Service][Running/Auto Start]
  <C:\Program Files\Olympus\DeviceDetector\DM1Service.exe><OLYMPUS IMAGING CORP.>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Intel(R) Matrix Storage Event Monitor / IAANTMON][Running/Auto Start]
  <C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe><Intel Corporation>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[McAfee Engine Service / McAfeeEngineService][Stopped/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe"><N/A>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
  <"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
[McAfee McShield / McShield][Running/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe"><McAfee, Inc.>
[McAfee Task Manager / McTaskManager][Running/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe"><McAfee, Inc.>
[McAfee Validation Trust Protection Service / mfevtp][Running/Auto Start]
  <C:\WINDOWS\system32\mfevtps.exe><McAfee, Inc.>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k HPZ12-->C:\WINDOWS\system32\hpzipm12.dll><Hewlett-Packard>
[Remote Procedure Call (RPC) Net / Rpcnet][Running/Auto Start]
  <C:\WINDOWS\system32\rpcnet.exe><Absolute Software Corp.>
[SecureStorageService / SecureStorageService][Stopped/Manual Start]
  <"C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe"><Wave Systems Corp.>
[Smith Micro Connection Manager Service / SMManager][Stopped/Auto Start]
  <"C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe"><Smith Micro Software, Inc.>
[Audio Service / STacSV][Running/Auto Start]
  <c:\drivers\audio\r213367\stacsv.exe><IDT, Inc.>
[stllssvr / stllssvr][Stopped/Manual Start]
  <"C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"><MicroVision Development, Inc.>
[NTRU TSS v1.2.1.29 TCS / tcsd_win32.exe][Stopped/Auto Start]
  <"C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe"><N/A>
[TdmService / TdmService][Running/Auto Start]
  <"C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe"><Wave Systems Corp.>

==================================
Drivers
[AE Audio Service / AESTAud][Running/Manual Start]
  <system32\drivers\AESTAud.sys><Andrea Electronics Corporation>
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[Alps Touch Pad Filter Driver for Windows 2000/XP/Vista / ApfiltrService][Running/Manual Start]
  <system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[APPSTREAM / APPSTREAM][Running/System Start]
  <\??\C:\WINDOWS\System32\Drivers\APPSTREAM.SYS><AppStream Inc>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[BASFND / BASFND][Running/Auto Start]
  <\??\C:\Program Files\Broadcom\MgmtAgent\BASFND.sys><Broadcom Corporation>
[Dell Wireless WLAN Card Driver / BCM43XX][Running/Manual Start]
  <system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[Broadcom Advanced Server Program Driver / Blfp][Stopped/Manual Start]
  <system32\DRIVERS\baspxp32.sys><Broadcom Corporation>
[Brother USB Still Image driver / BrScnUsb][Stopped/Manual Start]
  <system32\DRIVERS\BrScnUsb.sys><Brother Industries Ltd.>
[Brother MFC Serial Port Interface WDM Driver / BrSerIf][Stopped/Manual Start]
  <System32\Drivers\BrSerIf.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <System32\Drivers\BrUsbSer.sys><Brother Industries Ltd.>
[Bluetooth Audio Device / btaudio][Running/Manual Start]
  <system32\drivers\btaudio.sys><Broadcom Corporation.>
[Bluetooth Virtual Communications Driver / BTDriver][Running/Manual Start]
  <system32\DRIVERS\btport.sys><Broadcom Corporation.>
[Bluetooth Bus Enumerator / BTKRNL][Running/Manual Start]
  <system32\DRIVERS\btkrnl.sys><Broadcom Corporation.>
[Bluetooth LAN Access Server / BTWDNDIS][Running/Manual Start]
  <system32\DRIVERS\btwdndis.sys><Broadcom Corporation.>
[Bluetooth Modem / btwmodem][Running/Manual Start]
  <system32\DRIVERS\btwmodem.sys><Broadcom Corporation.>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Running/Manual Start]
  <System32\Drivers\btwusb.sys><Broadcom Corporation.>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[DLABMFSM / DLABMFSM][Running/Auto Start]
  <System32\Drivers\DLABMFSM.SYS><Roxio>
[DLABOIOM / DLABOIOM][Running/Auto Start]
  <System32\Drivers\DLABOIOM.SYS><Roxio>
[DLACDBHM / DLACDBHM][Running/Boot Start]
  <\SystemRoot\System32\Drivers\DLACDBHM.SYS><Roxio>
[DLADResM / DLADResM][Running/Auto Start]
  <System32\Drivers\DLADResM.SYS><Roxio>
[DLAIFS_M / DLAIFS_M][Running/Auto Start]
  <System32\Drivers\DLAIFS_M.SYS><Roxio>
[DLAOPIOM / DLAOPIOM][Running/Auto Start]
  <System32\Drivers\DLAOPIOM.SYS><Roxio>
[DLAPoolM / DLAPoolM][Running/Auto Start]
  <System32\Drivers\DLAPoolM.SYS><Roxio>
[DLARTL_M / DLARTL_M][Running/System Start]
  <System32\Drivers\DLARTL_M.SYS><Roxio>
[DLAUDFAM / DLAUDFAM][Running/Auto Start]
  <System32\Drivers\DLAUDFAM.SYS><Roxio>
[DLAUDF_M / DLAUDF_M][Running/Auto Start]
  <System32\Drivers\DLAUDF_M.SYS><Roxio>
[DRVMCDB / DRVMCDB][Running/Boot Start]
  <\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM][Running/Auto Start]
  <System32\Drivers\DRVNDDM.SYS><Roxio>
[F-Secure BlackLight Engine Driver / fsbl][Stopped/Manual Start]
  <\??\C:\Documents and Settings\COOPRO01.L099ADMN507885\Local Settings\Temp\f-downadup\fsbldrv.sys><N/A>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
  <system32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[Intel AHCI Controller / iaStor][Running/Boot Start]
  <\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[Intel(R) High Definition Audio HDMI Service / IntcHdmiAddService][Running/Manual Start]
  <system32\drivers\IntcHdmi.sys><Intel(R) Corporation>
[McAfee Inc. mfeapfk / mfeapfk][Running/Manual Start]
  <system32\drivers\mfeapfk.sys><McAfee, Inc.>
[McAfee Inc. mfeavfk / mfeavfk][Running/Manual Start]
  <system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. mfebopk / mfebopk][Running/Manual Start]
  <system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. mfehidk / mfehidk][Running/Boot Start]
  <\SystemRoot\system32\drivers\mfehidk.sys><McAfee, Inc.>
[McAfee Inc. mferkdet / mferkdet][Stopped/Manual Start]
  <system32\drivers\mferkdet.sys><McAfee, Inc.>
[VSCore mferkdk / mferkdk][Stopped/System Start]
  <\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys><N/A>
[McAfee Inc. mfetdik / mfetdik][Running/System Start]
  <system32\drivers\mfetdik.sys><McAfee, Inc.>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[Apple Mobile Device Ethernet Service / Netaapl][Stopped/Manual Start]
  <system32\DRIVERS\netaapl.sys><Apple Inc.>
[NvtSp50 NDIS Protocol Driver / NvtSp50][Stopped/Manual Start]
  <System32\Drivers\NvtSp50.sys><N/A>
[PBADRV / PBADRV][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\PBADRV.sys><Dell Inc>
[PCASp50 NDIS Protocol Driver / PCASp50][Stopped/Manual Start]
  <System32\Drivers\PCASp50.sys><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[REGHOOK / REGHOOK][Running/Auto Start]
  <\??\C:\WINDOWS\System32\Drivers\REGHOOK.SYS><Appstream Inc.>
[rimmptsk / rimmptsk][Running/Auto Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[SBRE / SBRE][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\SBREdrv.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[IDT High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><IDT, Inc.>
[symc810 / symc810][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
  <System32\Drivers\usbaapl.sys><Apple, Inc.>
[VSPD / VSPD][Running/Auto Start]
  <\??\C:\WINDOWS\System32\Drivers\VSPD.SYS><Appstream Inc.>
[WavxDMgr / WavxDMgr][Running/Auto Start]
  <system32\DRIVERS\WavxDMgr.sys><Wave Systems Corp.>

==================================
Browser Add-ons
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[]
  {5C255C8A-E604-49b4-9D64-90988571CECB} <, >
[Search Helper]
  {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll, (Signed) Microsoft Corp.>
[scriptproxy]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll, (Signed) McAfee, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[Windows Live Toolbar Helper]
  {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[BlogThisToolbarButton Class]
  {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} <C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll, (Signed) Microsoft Corporation>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[@btrez.dll,-4015]
  {CCA281CA-C863-46ef-9331-5C8D4460577F} <, >
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[&Windows Live Toolbar]
  {21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_15]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_15]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_15.dll, (Signed) Sun Microsystems, Inc.>
[Domino Web Access 7 Control]
  {E008A543-CEFB-4559-912F-C27C2B89F13B} <C:\WINDOWS\Downloaded Program Files\dwa7W.dll, (Signed) IBM Corporation>
[]
  {1827766B-9F49-4854-8034-F6EE26FCB1EC} <, >
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[]
  {219C3416-8CB2-491A-A3C7-D9FCDDC9D600} <, >
[&Windows Live Toolbar]
  {21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Windows Desktop Search Combo Control]
  {4E430174-1673-4FF3-BF28-A3B37F6573E7} <C:\Program Files\Windows Desktop Search\wdsShell.dll, (Signed) Microsoft Corporation>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <, >
[]
  {5C255C8A-E604-49B4-9D64-90988571CECB} <, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Search Helper]
  {6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll, (Signed) Microsoft Corp.>
[scriptproxy]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll, (Signed) McAfee, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[cpbrkpie Control]
  {9522B3FB-7A2B-4646-8AF6-36E7F593073C} <C:\WINDOWS\COUPON~1.OCX, (Signed) >
[]
  {CCA281CA-C863-46EF-9331-5C8D4460577F} <, >
[Microsoft Url Search Hook]
  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll, (Signed)  Microsoft Corporation>
[Domino Web Access 7 Control]
  {E008A543-CEFB-4559-912F-C27C2B89F13B} <C:\WINDOWS\Downloaded Program Files\dwa7W.dll, (Signed) IBM Corporation>
[Windows Live Toolbar Helper]
  {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
  {E3215F20-3212-11D6-9F8B-00D0B743919D} <, >
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000, N/A>
[Send to &Bluetooth Device...]
  <C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm, N/A>
[Send To Bluetooth]
  <C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm, N/A>

==================================
Running Processes
[PID: 876 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 928 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 956 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1008 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 1020 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:\WINDOWS\system32\wvauth.dll]  [Wave Systems Corp., 3.3.5.4]
[PID: 1216 / SYSTEM][C:\Program Files\Fingerprint Sensor\AtService.exe]  [AuthenTec, Inc., 8.1.0.106]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1236 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1308 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1352 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1476 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
[PID: 1540 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
[PID: 1800 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\bthcrp.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\WidcommSdk.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\ZLhp1020.DLL]  [Zenographics, Inc., 5, 53, 3723, 0]
	[C:\WINDOWS\system32\ZLM.dll]  [Zenographics, Inc., 5, 50, 1416, 0]
	[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  [Zenographics, Inc., 5, 54, 330, 0]
	[C:\WINDOWS\system32\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
	[C:\WINDOWS\system32\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
	[C:\WINDOWS\system32\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
	[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\ppbipr.dll]  [Black Ice Software, 2.00]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1836 / SYSTEM][c:\drivers\audio\r213367\stacsv.exe]  [IDT, Inc., 1.0.6159.0]
	[C:\WINDOWS\system32\stacapi.dll]  [IDT, Inc., 1.0.6159.0]
[PID: 1992 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1264 / COOPRO01][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll]  [Wave Systems Corp., 2.6.1.48]
	[C:\Program Files\Wave Systems Corp\Trusted Drive Manager\PSAPI.DLL]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\btmmhook.dll]  [Broadcom Corporation., 5.5.0.3208]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.127]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\Program Files\McAfee\VirusScan Enterprise\shext.dll]  [McAfee, Inc., 8.7.0.570]
	[C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll]  [Wave Systems Corp., 06.09.00.129]
	[C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\VaultServer.dll]  [Wave Systems Corp, 06.09.00.129]
	[C:\WINDOWS\system32\wxvault.dll]  [, 06.09.00.129]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.1.0.2009022700]
	[C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll]  [Microsoft Corporation, 7.00.6001.18260 (vistasp1_gdr_oobsvc.090524-1500)]
	[C:\Program Files\AppStream\WindowsClient\bin\ShExecHook.dll]  [Appstream Inc., 1,1,0,0]
[PID: 1672 / SYSTEM][C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe]  [Adobe Systems Incorporated, 7.0.0.0]
	[C:\Program Files\Adobe\Photoshop Elements 7.0\platform.dll]  [Adobe Systems, Inc., 1, 0, 0, 1]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
[PID: 1720 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple Inc., 2.50.39.0]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
[PID: 1532 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,6,2]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
[PID: 240 / SYSTEM][C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe]  [Broadcom Corporation., 5.5.0.3208]
[PID: 464 / COOPRO01][C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe]  [Wave Systems Corp., 06.09.00.129]
	[C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXVltMgrWrp.DLL]  [Wave Systems Corp., 06.09.00.129]
	[C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\VaultServer.dll]  [Wave Systems Corp, 06.09.00.129]
	[C:\WINDOWS\system32\wxvault.dll]  [, 06.09.00.129]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\ConvertToDM40.dll]  [Wave Systems Corp., 06.09.00.129]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 1292 / COOPRO01][C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe]  [Broadcom Corporation, 1.0.0.0]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.3082 (QFE.050727-3000)]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.206.39627__4ca2a925deedf37d\StatusInterfaces.dll]  [Broadcom Corporation, 1.6.206.15]
	[C:\Program Files\Dell\Dell ControlPoint\Security Manager\Interop.EmbassyStatus.dll]  [ , 0.0.0.0]
	[C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.206.39627__f25c74fcad379103\Status Lib.dll]  [Broadcom Corporation, 1.6.206.15]
	[C:\Program Files\Dell\Dell ControlPoint\Security Manager\RegistrySettingsLib.dll]  [Broadcom Corporation, 1.6.206.15]
	[C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EmbassyStatus.dll]  [Wave Systems Corp., 03.09.00.066]
	[C:\WINDOWS\system32\Wavx_ESC_Logging.dll]  [N/A, ]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\Tsp1.dll]  [NTRU Cryptosystems, Inc., 1.2.1.29]
	[C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmUserInterface.dll]  [Wave Systems Corp., 2.6.1.48]
	[C:\Program Files\Wave Systems Corp\Trusted Drive Manager\Interop.Wavx_PluginManagerLib.dll]  [ , 1.0.0.0]
	[C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmUtilC.dll]  [Wave Systems Corp., 2.6.1.48]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll]  [Microsoft Corporation, 8.00.50727.3053]
	[C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\Program Files\Wave Systems Corp\Dell Preboot Manager\PrebootManager.dll]  [Wave Systems Corp., 2.9.0.4]
	[C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Interop.BiosManager.dll]  [ , 1.0.0.0]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 644 / COOPRO01][C:\Program Files\Java\jre6\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.150.3]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 748 / COOPRO01][C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE]  [McAfee, Inc., 8.7.0.659]
	[C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\ftcfg.dll]  [McAfee, Inc., 8.7.0.659]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll]  [McAfee, Inc., 8.7.0.570]
	[C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll]  [McAfee, Inc., 8.7.0.659]
	[C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
	[C:\Program Files\McAfee\VirusScan Enterprise\Graphics.dll]  [McAfee, Inc., 8.7.0.570]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 768 / COOPRO01][C:\Program Files\Wave Systems Corp\SecureUpgrade.exe]  [Wave Systems Corp., 05.07.00.017]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll]  [Microsoft Corporation, 8.00.50727.3053]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.3082 (QFE.050727-3000)]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 920 / COOPRO01][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 1176 / COOPRO01][C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe]  [CyberLink Corp., 8.02.5004	]
	[C:\Program Files\CyberLink\PowerDVD DX\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CyberLink\PowerDVD DX\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\CyberLink\PowerDVD DX\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll]  [CyberLink Corp., 4, 5, 0, 1711]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 1588 / COOPRO01][C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe]  [ScanSoft, Inc., 9.0]
	[C:\Program Files\ScanSoft\PaperPort\MAXUTIL.dll]  [ScanSoft, Inc., 9.0]
	[C:\Program Files\ScanSoft\PaperPort\PPERR.dll]  [ScanSoft, Inc., 9.0]
	[C:\Program Files\ScanSoft\PaperPort\blicectr.dll]  [ScanSoft, Inc., 1, 0, 0, 1]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 1592 / COOPRO01][C:\WINDOWS\system32\igfxsrvc.exe]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 1924 / SYSTEM][C:\Program Files\Olympus\DeviceDetector\DM1Service.exe]  [OLYMPUS IMAGING CORP., 1, 6, 0, 0]
[PID: 1640 / COOPRO01][C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe]  [Hewlett-Packard, 2, 0, 1, 26]
[PID: 1884 / COOPRO01][C:\Program Files\McAfee\Common Framework\udaterui.exe]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\nailog3.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
	[C:\Program Files\McAfee\Common Framework\naCmnLib3_71.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\naxml3_71.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\McAfee\Common Framework\applib.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\cmalib.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\cryptocme2.dll]  [N/A, ]
	[C:\Program Files\McAfee\Common Framework\0409\UpdRes.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory3.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\WINDOWS\system32\btmmhook.dll]  [Broadcom Corporation., 5.5.0.3208]
[PID: 2096 / SYSTEM][C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe]  [Intel Corporation, 8.2.2.1001]
	[C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll]  [Intel Corporation, 8.2.2.1001]
	[C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_ENU.dll]  [Intel Corporation, 8.2.2.1001]
[PID: 2124 / COOPRO01][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Inc., 8.2.1.6]
	[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Inc., 8.2.1.6]
	[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Inc., 8.2.1.6]
	[C:\Program Files\QuickTime\QTSystem\QuickTime.qts]  [Apple Inc., 7.6.2 (1324)]
	[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll]  [Apple Inc., 238.0.0.43]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 2160 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.150.3]
	[C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
[PID: 2252 / SYSTEM][C:\Program Files\McAfee\Common Framework\FrameworkService.exe]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\nailog3.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
	[C:\Program Files\McAfee\Common Framework\naxml3_71.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\McAfee\Common Framework\naCmnLib3_71.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\applib.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\cryptocme2.dll]  [N/A, ]
	[C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\Logging.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\UserSpace.Dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory3.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\Management.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\naPolicyManager.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\UpdateSubSys.Dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\updater.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\ipcchannel.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll]  [N/A, ]
	[C:\Program Files\McAfee\Common Framework\mfeCmnLib71.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\Scheduler.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\Agent.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\nainet.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\mfecurl.dll]  [McAfee, Inc., 1.0.0.151]
	[C:\Program Files\McAfee\Common Framework\mfezlib.dll]  [McAfee, Inc., 1.0.0.151]
	[C:\Program Files\McAfee\Common Framework\inetmgr.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\naSPIPE.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\cmalib.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\ListenServer.dll]  [McAfee, Inc., 4.0.0.1345]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\McAfee\Common Framework\TCSubSys.dll]  [McAfee, Inc., 4.0.0.1345]
[PID: 2272 / COOPRO01][C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe]  [Intel Corporation, 8.2.2.1001]
	[C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll]  [Intel Corporation, 8.2.2.1001]
	[C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_ENU.dll]  [Intel Corporation, 8.2.2.1001]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 2692 / COOPRO01][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\igfxrENU.lrc]  [Intel Corporation, 6.14.10.5029]
[PID: 2696 / SYSTEM][C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe]  [McAfee, Inc., 8.7.0.659]
	[C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll]  [McAfee, Inc., 8.7.0.659]
	[C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll]  [McAfee, Inc., 8.7.0.570]
	[C:\Program Files\McAfee\VirusScan Enterprise\condl.dll]  [McAfee, Inc., 8.7.0.570]
	[C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
	[C:\Program Files\McAfee\VirusScan Enterprise\MIDUtil.Dll]  [McAfee, Inc., 8.7.0.133]
[PID: 2768 / COOPRO01][C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe]  [Dell Inc., 1.2.1.42]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.3082 (QFE.050727-3000)]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\Program Files\Dell\Dell ControlPoint\SmithMicro.Common.dll]  [Smith Micro Software, Inc., 1.2.0.42]
	[C:\Program Files\Dell\Dell ControlPoint\SmithMicro.Controls.dll]  [Smith Micro Software, Inc., 1.2.0.42]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.3082 (QFE.050727-3000)]
	[C:\Program Files\Dell\Dell ControlPoint\Dell.DcpPlugin.dll]  [Smith Micro Software, Inc., 1.2.0.42]
	[C:\Program Files\Dell\Dell ControlPoint\System Manager\DisplayPluginDLL.dll]  [Dell Inc., 9.5.6.9867]
	[C:\Program Files\Dell\Dell ControlPoint\System Manager\PowerPluginDLL.dll]  [Dell Inc., 9.5.6.9867]
	[C:\Program Files\Dell\Dell ControlPoint\System Overview\Dell.SystemOverview.Plugin.dll]  [Smith Micro Software, Inc., 1.2.0.42]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPPluginSupportDLL.dll]  [Dell Inc., 9, 5, 6, 9867]
	[C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoNS.dll]  [Broadcom Corporation, 1.6.206.15]
	[C:\WINDOWS\assembly\GAC_MSIL\SecurityDeviceInfoSetReg\1.6.206.39641__3a60a70419922317\SecurityDeviceInfoSetReg.dll]  [Broadcom Corporation, 1.6.206.15]
	[C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.206.39627__4ca2a925deedf37d\StatusInterfaces.dll]  [Broadcom Corporation, 1.6.206.15]
	[C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.206.39627__f25c74fcad379103\Status Lib.dll]  [Broadcom Corporation, 1.6.206.15]
	[C:\Program Files\Dell\Dell ControlPoint\Connection Manager\UCMPlugin\Dell.UCM.Plugin.dll]  [Smith Micro Software, Inc., 1.2.1.2]
	[C:\Program Files\Dell\Dell ControlPoint\Connection Manager\UCMPlugin\SmithMicro.Common.dll]  [Smith Micro Software, Inc., 1.2.1.2]
	[C:\Program Files\Dell\Dell ControlPoint\Security Manager\Security Center Overview.dll]  [Broadcom Corporation, 1.6.206.15]
	[C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityCenterControls.dll]  [Broadcom Corporation, 1.6.206.15]
	[C:\Program Files\Dell\Dell ControlPoint\Security Manager\RegistrySettingsLib.dll]  [Broadcom Corporation, 1.6.206.15]
	[C:\Program Files\Dell\Dell ControlPoint\Connection Manager\UCMPlugin\SmithMicro.Controls.dll]  [Smith Micro Software, Inc., 1.2.1.2]
	[C:\WINDOWS\system32\btmmhook.dll]  [Broadcom Corporation., 5.5.0.3208]
[PID: 2872 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 2912 / SYSTEM][C:\WINDOWS\system32\mfevtps.exe]  [McAfee, Inc., SYSCORE.14.1.0.551.x86]
[PID: 2936 / COOPRO01][C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe]  [, 2, 0, 0, 13]
	[C:\Program Files\Brother\Brmfcmon\BRMFCWNDEng.dll]  [Brother Industries, Ltd., 2, 0, 0, 0]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\btmmhook.dll]  [Broadcom Corporation., 5.5.0.3208]
[PID: 2968 / COOPRO01][C:\Program Files\Brother\ControlCenter3\brccMCtl.exe]  [Brother Industries, Ltd., 3, 0, 89, 89]
	[C:\Program Files\Brother\ControlCenter3\brccDCtl.dll]  [Brother Industries, Ltd., 3, 0, 62, 62]
	[C:\Program Files\Brother\ControlCenter3\brccFCtl.dll]  [Brother Industries, Ltd., 3, 0, 13, 42]
	[C:\Program Files\Brother\ControlCenter3\LTDIS12n.dll]  [LEAD Technologies, Inc., 12.1.0.068]
	[C:\Program Files\Brother\ControlCenter3\LTKRN12n.dll]  [LEAD Technologies, Inc., 12.1.0.068]
	[C:\Program Files\Brother\ControlCenter3\LTFIL12n.DLL]  [LEAD Technologies, Inc., 12.1.0.073]
	[C:\Program Files\Brother\ControlCenter3\BrImgPDF.dll]  [Brother Industries,LTD., 1, 0, 0, 1]
	[C:\Program Files\Brother\ControlCenter3\brccusa.dll]  [Brother Industries, Ltd., 3, 0, 4, 4]
	[C:\Program Files\Brother\ControlCenter3\brccimg.dll]  [Brother Industries, Ltd., 3, 0, 0, 0]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
	[C:\WINDOWS\system32\btmmhook.dll]  [Broadcom Corporation., 5.5.0.3208]
[PID: 3020 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[c:\windows\system32\hpzipm12.dll]  [Hewlett-Packard, 12,1,1,54]
[PID: 3052 / COOPRO01][C:\Program Files\DellTPad\Apoint.exe]  [Alps Electric Co., Ltd., 7.0.101.232]
	[C:\Program Files\DellTPad\Apoint.dll]  [Alps Electric Co., Ltd., 5.5.104.339]
	[C:\WINDOWS\system32\Vxdif.dll]  [Alps Electric Co., Ltd., 6.0.3.19]
	[C:\Program Files\DellTPad\EzAuto.dll]  [Alps Electric Co., Ltd., 5.5.1.94]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 3192 / COOPRO01][C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe]  [AppStream Inc., 5,2,2,857_3171]
	[C:\Program Files\AppStream\WindowsClient\Bin\xerces-c_2_3_0.dll]  [Apache Software Foundation, 2, 3, 0]
	[C:\Program Files\AppStream\WindowsClient\Bin\AppStreamLibs.dll]  [Appstream Inc., 5,2,2,857_3171]
	[C:\Program Files\AppStream\WindowsClient\Bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\AppStream\WindowsClient\Bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\AppStream\WindowsClient\Bin\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\AppStream\WindowsClient\Bin\Lang\AppStreamRes1033.dll]  [N/A, ]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\btmmhook.dll]  [Broadcom Corporation., 5.5.0.3208]
[PID: 3216 / SYSTEM][C:\WINDOWS\system32\rpcnet.exe]  [Absolute Software Corp., 8.0.885.0]
	[C:\WINDOWS\system32\rpcnet.dll]  [Absolute Software Corp., 8.0.885.0]
[PID: 3232 / COOPRO01][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 3268 / COOPRO01][C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe]  [Macrovision Corporation, 6, 0, 100, 54472]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 3340 / SYSTEM][C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe]  [Microsoft Corp., 1.2.121.0]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 3412 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\WINDOWS\system32\BrWia06a.dll]  [Brother Industries, Ltd., 3.2.6.0]
	[C:\WINDOWS\system32\BrNetSti.dll]  [Brother Industries, Ltd., 1, 9, 3, 0]
	[C:\WINDOWS\system32\BrMuSNMP.dll]  [N/A, ]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 3452 / COOPRO01][C:\Program Files\DellTPad\ApMsgFwd.exe]  [Alps Electric Co., Ltd., 7, 0, 0, 23]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 3468 / SYSTEM][C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe]  [Wave Systems Corp., 2.6.1.48]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll]  [Microsoft Corporation, 8.00.50727.3053]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.3082 (QFE.050727-3000)]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
	[C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmUtilC.dll]  [Wave Systems Corp., 2.6.1.48]
[PID: 3476 / COOPRO01][C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\btosif.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\btwhidcs.DLL]  [Broadcom Corporation., 5.5.0.3208]
	[C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\btrez.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\btwicons.dll]  [, 1, 0, 0, 1]
	[C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll]  [N/A, ]
	[C:\WINDOWS\system32\btmmhook.dll]  [Broadcom Corporation., 5.5.0.3208]
[PID: 3568 / COOPRO01][C:\Program Files\DellTPad\HidFind.exe]  [Alps Electric Co., Ltd., 7.0.0.28]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 3580 / COOPRO01][C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe]  [OLYMPUS IMAGING CORP., 3, 3, 3, 0]
	[C:\WINDOWS\system32\OdiAPI.dll]  [OLYMPUS IMAGING CORP., 2, 0, 1, 1]
	[C:\Program Files\Olympus\DeviceDetector\MFC42.DLL]  [Microsoft Corporation, 6.00.8447.0]
	[C:\Program Files\Olympus\DeviceDetector\DevDtctResource.dll]  [OLYMPUS IMAGING CORP., 3, 3, 3, 0]
	[C:\WINDOWS\system32\DirrecAPI.dll]  [OLYMPUS IMAGING CORP., 1, 1, 0, 0]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\OdiOlDVR.dll]  [OLYMPUS IMAGING CORP., 2, 1, 1, 0]
	[C:\WINDOWS\system32\STRDEVAPI.dll]  [OLYMPUS IMAGING CORP., 1, 6, 2, 0]
	[C:\WINDOWS\system32\StrDevCheck.dll]  [OLYMPUS IMAGING CORP., 1, 0, 0, 1]
	[C:\WINDOWS\system32\DSXUSB.dll]  [OLYMPUS CORPORATION, 1.1.1.0]
	[C:\WINDOWS\system32\dssusb1.dll]  [OLYMPUS CORPORATION, 1.7.1.0]
	[C:\WINDOWS\system32\dssusb.dll]  [OLYMPUS OPTICAL CO.,LTD., 1, 8, 0, 0]
	[C:\WINDOWS\system32\DM1USBAPI.dll]  [OLYMPUS OPTICAL CO.,LTD, 1, 2, 0, 0]
	[C:\Program Files\Olympus\DeviceDetector\DSSCancel.dll]  [OLYMPUS IMAGING CORP., 1, 1, 0, 3]
[PID: 3672 / COOPRO01][C:\Program Files\DellTPad\Apntex.exe]  [Alps Electric Co., Ltd., 7.0.1.29]
	[C:\WINDOWS\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.3.19]
	[C:\Program Files\DellTPad\Apoint.DLL]  [Alps Electric Co., Ltd., 5.5.104.339]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 3740 / SYSTEM][C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe]  [AppStream Inc., 5,2,2,857_3171]
	[C:\Program Files\AppStream\WindowsClient\bin\AppStreamLibs.dll]  [Appstream Inc., 5,2,2,857_3171]
	[C:\Program Files\AppStream\WindowsClient\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\AppStream\WindowsClient\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\AppStream\WindowsClient\bin\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\AppStream\WindowsClient\bin\Lang\AppStreamRes1033.dll]  [N/A, ]
[PID: 3944 / SYSTEM][C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_server.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
	[C:\Program Files\McAfee\VirusScan Enterprise\FTL.Dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll]  [McAfee, Inc., 5.3.00]
	[C:\Program Files\Common Files\McAfee\Engine\mc5300up.001]  [McAfee, Inc., 5.3.00]
	[C:\Program Files\McAfee\VirusScan Enterprise\mfebopa.dll]  [McAfee, Inc., SYSCORE.14.1.0.551.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mfehida.dll]  [McAfee, Inc., SYSCORE.14.1.0.551.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mfeapfa.dll]  [McAfee, Inc., SYSCORE.14.1.0.551.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mfeavfa.dll]  [McAfee, Inc., SYSCORE.14.1.0.551.x86]
[PID: 4020 / SYSTEM][C:\WINDOWS\system32\SearchIndexer.exe]  [Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]
[PID: 4076 / SYSTEM][C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\naiann.dll]  [McAfee, Inc., 8.7.0.659]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll]  [N/A, ]
	[C:\Program Files\McAfee\VirusScan Enterprise\NAEvent.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
	[C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll]  [McAfee, Inc., 8.7.0.659]
	[C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll]  [McAfee, Inc., 8.7.0.570]
	[C:\Program Files\McAfee\Common Framework\Genevtinf3.dll]  [McAfee, Inc., 4.0.0.1345]
[PID: 672 / SYSTEM][C:\Program Files\McAfee\Common Framework\naPrdMgr.exe]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\naxml3_71.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
	[C:\Program Files\McAfee\Common Framework\nailog3.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\naCmnLib3_71.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\applib.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\cryptocme2.dll]  [N/A, ]
	[C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\agentplugin.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\Common Framework\mfeCmnLib71.dll]  [McAfee, Inc., 4.0.0.1345]
	[C:\Program Files\McAfee\VirusScan Enterprise\VsPlugin.dll]  [McAfee, Inc., 8.7.0.659]
[PID: 496 / COOPRO01][C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\btins.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\btosif.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\BtAudioHelper.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\btrez.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\btosif_ol.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\btosif_olx.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\btosif_notes.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 2752 / COOPRO01][C:\Program Files\McAfee\Common Framework\McTray.exe]  [McAfee, Inc., 1.0.0.127]
	[C:\Program Files\McAfee\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.127]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 3096 / COOPRO01][C:\Program Files\Brother\Brmfcmon\BrMfimon.exe]  [Brother Industries, Ltd., 2, 0, 0, 2]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\Program Files\Brother\Brmfcmon\BroSNMP.dll]  [Brother Industries, Ltd., 1, 0, 0, 1]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\btmmhook.dll]  [Broadcom Corporation., 5.5.0.3208]
[PID: 204 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
[PID: 1724 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Inc., 8.2.1.6]
	[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Inc., 8.2.1.6]
	[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Inc., 8.2.1.6]
[PID: 3436 / COOPRO01][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.14]
	[C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.14]
	[C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.6.10]
	[C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
	[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
	[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.5]
	[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.3.1]
	[C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.5]
	[C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.5]
	[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.14]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.14]
	[C:\Program Files\Mozilla Firefox\components\Scriptff.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\WINDOWS\system32\btmmhook.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.14]
	[C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll]  [Microsoft Corporation, 7.00.6001.18260 (vistasp1_gdr_oobsvc.090524-1500)]
	[C:\Program Files\AppStream\WindowsClient\bin\ShExecHook.dll]  [Appstream Inc., 1,1,0,0]
	[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.3.1 Basic ECC]
	[C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.75]
[PID: 4016 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
[PID: 3700 / COOPRO01][C:\Program Files\Windows Desktop Search\WindowsSearch.exe]  [Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\mssph.dll]  [Microsoft Corporation, 7.00.6001.18260 (vistasp1_gdr_oobsvc.090524-1500)]
	[C:\WINDOWS\system32\btmmhook.dll]  [Broadcom Corporation., 5.5.0.3208]
[PID: 4708 / COOPRO01][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
[PID: 4768 / COOPRO01][C:\Documents and Settings\COOPRO01.L099ADMN507885\Desktop\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 4804 / COOPRO01][C:\Documents and Settings\COOPRO01.L099ADMN507885\Desktop\sreng2\SREf6f5e0c3.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\WINDOWS\system32\igfxdo.dll]  [Intel Corporation, 6.14.10.5029]
	[C:\WINDOWS\system32\btmmhook.dll]  [Broadcom Corporation., 5.5.0.3208]
	[C:\Documents and Settings\COOPRO01.L099ADMN507885\Desktop\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[\\?\globalroot\Device\__max++>\F060C836.x86.dll]  [N/A, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
	[C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
	[C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
N/A

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1672, C:\PROGRAM FILES\ADOBE\PHOTOSHOP ELEMENTS 7.0\PHOTOSHOPELEMENTSFILEAGENT.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 464, C:\PROGRAM FILES\WAVE SYSTEMS CORP\SERVICES MANAGER\DOCMGR\BIN\WAVXDOCMGR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1292, C:\PROGRAM FILES\DELL\DELL CONTROLPOINT\SECURITY MANAGER\BCMDEVICEANDTASKSTATUSSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1588, C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPTD40NT.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\OLYMPUS\DEVICEDETECTOR\DM1SERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1640, C:\PROGRAM FILES\HEWLETT-PACKARD\ORDERREMINDER\ORDERREMINDER.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 2768, C:\PROGRAM FILES\DELL\DELL CONTROLPOINT\DELL.CONTROLPOINT.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2768, C:\PROGRAM FILES\DELL\DELL CONTROLPOINT\DELL.CONTROLPOINT.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2936, C:\PROGRAM FILES\BROTHER\BRMFCMON\BRMFCWND.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2968, C:\PROGRAM FILES\BROTHER\CONTROLCENTER3\BRCCMCTL.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3192, C:\PROGRAM FILES\APPSTREAM\WINDOWSCLIENT\BIN\APPMGRGUI.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3468, C:\PROGRAM FILES\WAVE SYSTEMS CORP\TRUSTED DRIVE MANAGER\TDMSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3580, C:\PROGRAM FILES\OLYMPUS\DEVICEDETECTOR\DEVDTCT2.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3740, C:\PROGRAM FILES\APPSTREAM\WINDOWSCLIENT\BIN\APPMGRSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3096, C:\PROGRAM FILES\BROTHER\BRMFCMON\BRMFIMON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 4768, C:\DOCUMENTS AND SETTINGS\COOPRO01.L099ADMN507885\DESKTOP\SRENG2\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] {BB65B0FB-5712-401b-B616-E69AC55E2757}.job
		C:\DOCUME~1\COOPRO~1.L09\LOCALS~1\Temp\a.exe 
[Enabled] {7B02EF0B-A410-4938-8480-9BA26420A627}.job
		C:\WINDOWS\msa.exe 
[Enabled] AppleSoftwareUpdate.job
		C:\Program Files\Apple Software Update\SoftwareUpdate.exe 

==================================
Windows Security Update Check
KB925850,  Windows Media Player 11 
KB943729,  Group Policy Preference Client Side Extensions for Windows XP (KB943729) 
KB926139,  Windows PowerShell 1.0 for Windows XP (KB926139) 
KB909520,  Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520) 
KB956572,  Security Update for Windows XP (KB956572) MS09-012
KB931125,  Update for Root Certificates [May 2009] (KB931125) 
KB973874,  Update for Internet Explorer 8 Compatibility View List for Windows XP (KB973874) 
KB956844,  Security Update for Windows XP (KB956844) MS09-046
KB890830,  Windows Malicious Software Removal Tool - September 2009 (KB890830) 
KB971961,  Security Update for Jscript 5.8 for Windows XP (KB971961) MS09-045

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================




#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:13 PM

Posted 28 September 2009 - 08:48 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 funkecrates

funkecrates
  • Topic Starter

  • Members
  • 57 posts
  • Local time:09:13 AM

Posted 29 September 2009 - 05:50 PM

Hello, and thanks for assisting me. I tried to run RSIT; however, I received the following error message: "AutoIt Error Line -1: Error: Variable used without being declared." I tried to run it twice and wasn't successful. The problem with my computer is that no antivirus/spyware/malware programs will run. When I attempt to do a Google search I am redirected to a number of random sites, one of which is sometimes btcar.com. I also use my laptop at work, and even Lotus Notes security/scanning is disabled. Whenever I try to run the McAfee that was supplied on my computer I receive an error message. Also, the other scan/log programs like DDS wouldn't run either; the only one that ran was SREngLog.

Edited by funkecrates, 29 September 2009 - 05:57 PM.


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:13 PM

Posted 29 September 2009 - 06:03 PM

Download and run Win32kDiag:
  • Download Win32kDiag from any of the following locations and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • Once it has finished, press any key to close the program.
  • It will create the file Win32kDiag.txt on your Desktop. Copy and paste the contents in your next reply.



#5 funkecrates

funkecrates
  • Topic Starter

  • Members
  • 57 posts
  • Local time:09:13 AM

Posted 29 September 2009 - 06:34 PM

Running from: C:\Documents and Settings\COOPRO01.L099ADMN507885\My Documents\Downloads\Win32kDiag.exe

Log file at : C:\Documents and Settings\COOPRO01.L099ADMN507885\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB972260\KB972260

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12F.tmp\ZAP12F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP246.tmp\ZAP246.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP324.tmp\ZAP324.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP350.tmp\ZAP350.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C.tmp\ZAP4C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Cache\Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\biolsp patch\biolsp patch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Gemalto\Gemalto

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Preboot Manager\Preboot Manager

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Trusted Drive Manager\Trusted Drive Manager

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\tsp patch\tsp patch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Wave Infrastructure\Wave Infrastructure

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\MUI\0009\0009

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ie8updates\ie8updates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\inf\IEM\0409\0409

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951618-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB954434\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB969897\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

#6 syler

  • Malware Response Team

Posted 29 September 2009 - 06:41 PM

Was that the whole log? It usually says "Finished!" at the end; did you just miss that part?


#7 funkecrates

  • Topic Starter


Posted 29 September 2009 - 07:00 PM

Running from: C:\Documents and Settings\COOPRO01.L099ADMN507885\My Documents\Downloads\Win32kDiag(2).exe

Log file at : C:\Documents and Settings\COOPRO01.L099ADMN507885\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB972260\KB972260

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12F.tmp\ZAP12F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP246.tmp\ZAP246.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP324.tmp\ZAP324.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP350.tmp\ZAP350.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C.tmp\ZAP4C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Cache\Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\biolsp patch\biolsp patch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Gemalto\Gemalto

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Preboot Manager\Preboot Manager

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Trusted Drive Manager\Trusted Drive Manager

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\tsp patch\tsp patch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Wave Infrastructure\Wave Infrastructure

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\MUI\0009\0009

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ie8updates\ie8updates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\inf\IEM\0409\0409

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951618-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB954434\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB969897\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe ()

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe ()



Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951618-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB954434\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB969897\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe ()

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe ()



Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951618-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB954434\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB969897\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe ()

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe ()



Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2257104510-2920508377-1575172789-1007\S-1-5-21-2257104510-2920508377-1575172789-1007

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Broadcom\Broadcom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{1EBC9592-B53B-4312-916E-5C40CCD4F9FE}\{1EBC9592-B53B-4312-916E-5C40CCD4F9FE}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\v2.0.50727.42

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-2257104510-2920508377-1575172789-500\S-1-5-21-2257104510-2920508377-1575172789-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-299502267-1035525444-1417001333-500\S-1-5-21-299502267-1035525444-1417001333-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Bluetooth Software\sync\sync

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2257104510-2920508377-1575172789-500\S-1-5-21-2257104510-2920508377-1575172789-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-299502267-1035525444-1417001333-500\S-1-5-21-299502267-1035525444-1417001333-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\PowerDVD DX\IEPG\IEPG

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\Bluetooth Exchange Folder\Bluetooth Exchange Folder

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ENU\ENU

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-14 08:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 08:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe ()



Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Test\Test

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

[1] 2009-02-06 06:15:13 227840 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2008-04-14 08:00:00 218112 C:\WINDOWS\$NtUninstallKB956572$\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 12:39:29 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 05:41:05 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 06:10:02 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 06:15:13 227840 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 06:10:02 227840 C:\WINDOWS\system32\dllcache\wmiprvse.exe (Microsoft Corporation)

[1] 2009-02-06 06:10:02 227840 C:\WINDOWS\system32\wbem\wmiprvse.exe ()



Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\x64\x64

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\112D\112D

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\14F0\14F0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\1A1E\1A1E

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\1DD0\1DD0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\1DD4\1DD4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\1E22\1E22

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\1E25\1E25

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\1F32\1F32

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\1F36\1F36

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\2141\2141

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\2144\2144

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\2196\2196

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\21C3\21C3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\24E6\24E6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\24E9\24E9

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\24F2\24F2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\24F5\24F5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\2D8F\2D8F

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\33D5\33D5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\4674\4674

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\467B\467B

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\471D\471D

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\4720\4720

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\5B2B\5B2B

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\5C34\5C34

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\6D83\6D83

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\78BA\78BA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\7BB8\7BB8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\7F39\7F39

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\7F3C\7F3C

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\AC7\AC7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\BF1\BF1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\C1B\C1B

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\McAfeeLogs\McAfeeLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\TestEngDat64\TestEngDat64

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WBEM\WBEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:13 PM

Posted 29 September 2009 - 07:10 PM

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Next

Go to Start >> Run then copy the following line into the run box:

"%userprofile%\My Documents\Downloads\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with notepad and post the contents in your next reply.

Please post back here with the following logs:
  • Avenger log
  • Win32kDiag.txt
Thanks

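For triaging a Win32kDiag log like the ones posted in this thread, the following added example (not part of any post, and not code from Win32kDiag or The Avenger) parses the log into mount points and "Cannot access" blocks. The function names are hypothetical, treating an empty "()" as a copy without a readable company name is an assumption, and the sample is an excerpt built from lines shown in the thread.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Excerpt built from log lines posted in this thread, blank lines included.
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\system32\ENU\ENU

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-14 08:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 08:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe ()

Found mount point : C:\WINDOWS\Temp\McAfeeLogs\McAfeeLogs

Mount point destination : \Device\__max++>\^
"""

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
BLOCKED_RE = re.compile(r"^Cannot access:\s*(.+)$")
# "[n] date time size path (company)"; the company field may be empty: "()".
COPY_RE = re.compile(
    r"^\[(\d+)\]\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(.+)\s+\(([^()]*)\)$"
)


@dataclass
class FileCopy:
    index: int
    timestamp: str
    size: int
    path: str
    company: str  # empty when the log printed "()"


@dataclass
class Report:
    mount_points: list = field(default_factory=list)  # (path, destination)
    blocked: dict = field(default_factory=dict)       # blocked path -> [FileCopy]


def parse_win32kdiag(text):
    """Turn Win32kDiag log text into a Report; unknown lines are skipped."""
    report = Report()
    pending_mount = None    # path waiting for its "destination" line
    current_blocked = None  # "Cannot access" block the [n] lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending_mount, current_blocked = m.group(1), None
        elif (m := DEST_RE.match(line)) and pending_mount is not None:
            report.mount_points.append((pending_mount, m.group(1)))
            pending_mount = None
        elif m := BLOCKED_RE.match(line):
            current_blocked = m.group(1)
            report.blocked.setdefault(current_blocked, [])
        elif (m := COPY_RE.match(line)) and current_blocked is not None:
            idx, stamp, size, path, company = m.groups()
            report.blocked[current_blocked].append(
                FileCopy(int(idx), stamp, int(size), path, company.strip()))
    return report


def destination_counts(report):
    """How many mount points resolve to each destination device path."""
    return Counter(dest for _, dest in report.mount_points)


def self_named(report):
    """Mount points whose last two path components match, e.g. ENU\\ENU."""
    hits = []
    for path, _ in report.mount_points:
        parts = path.rstrip("\\").split("\\")
        if len(parts) >= 2 and parts[-1].lower() == parts[-2].lower():
            hits.append(path)
    return hits


def readable_copies(report, blocked_path):
    """Other listed copies of a blocked file that show a company name."""
    return [c for c in report.blocked.get(blocked_path, [])
            if c.company and c.path.lower() != blocked_path.lower()]


if __name__ == "__main__":
    rep = parse_win32kdiag(SAMPLE_LOG)
    print(destination_counts(rep))
    for blocked in rep.blocked:
        print(blocked, [c.path for c in readable_copies(rep, blocked)])
```

Run over a full log, the same functions show whether every mount point resolves to a single destination and which blocked files have another listed copy.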


#9 funkecrates

funkecrates
  • Topic Starter

  • Members
  • 57 posts
  • Local time:09:13 AM

Posted 29 September 2009 - 07:35 PM

Win32kDiag.txt log

Running from: C:\Documents and Settings\COOPRO01.L099ADMN507885\My Documents\Downloads\win32kdiag.exe

Log file at : C:\Documents and Settings\COOPRO01.L099ADMN507885\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Found mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537

Found mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8

Found mount point : C:\WINDOWS\$hf_mig$\KB972260\KB972260

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB972260\KB972260

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12F.tmp\ZAP12F.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12F.tmp\ZAP12F.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp\ZAP192.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP246.tmp\ZAP246.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP246.tmp\ZAP246.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP324.tmp\ZAP324.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP324.tmp\ZAP324.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP350.tmp\ZAP350.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP350.tmp\ZAP350.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C.tmp\ZAP4C.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C.tmp\ZAP4C.tmp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Cache\Cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Cache\Cache

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\biolsp patch\biolsp patch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\biolsp patch\biolsp patch

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Gemalto\Gemalto

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Gemalto\Gemalto

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Preboot Manager\Preboot Manager

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Preboot Manager\Preboot Manager

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Trusted Drive Manager\Trusted Drive Manager

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Trusted Drive Manager\Trusted Drive Manager

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\tsp patch\tsp patch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\tsp patch\tsp patch

Found mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Wave Infrastructure\Wave Infrastructure

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Wave Infrastructure\Wave Infrastructure

Found mount point : C:\WINDOWS\Help\MUI\0009\0009

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\MUI\0009\0009

Found mount point : C:\WINDOWS\ie8updates\ie8updates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ie8updates\ie8updates

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\inf\IEM\0409\0409

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\inf\IEM\0409\0409

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dfd20fda6478d599fc1417f0319287a1\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe

Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2257104510-2920508377-1575172789-1007\S-1-5-21-2257104510-2920508377-1575172789-1007

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2257104510-2920508377-1575172789-1007\S-1-5-21-2257104510-2920508377-1575172789-1007

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Broadcom\Broadcom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Broadcom\Broadcom

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{1EBC9592-B53B-4312-916E-5C40CCD4F9FE}\{1EBC9592-B53B-4312-916E-5C40CCD4F9FE}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{1EBC9592-B53B-4312-916E-5C40CCD4F9FE}\{1EBC9592-B53B-4312-916E-5C40CCD4F9FE}

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\v2.0.50727.42

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\v2.0.50727.42

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-2257104510-2920508377-1575172789-500\S-1-5-21-2257104510-2920508377-1575172789-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-2257104510-2920508377-1575172789-500\S-1-5-21-2257104510-2920508377-1575172789-500

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-299502267-1035525444-1417001333-500\S-1-5-21-299502267-1035525444-1417001333-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-299502267-1035525444-1417001333-500\S-1-5-21-299502267-1035525444-1417001333-500

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Bluetooth Software\sync\sync

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Bluetooth Software\sync\sync

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2257104510-2920508377-1575172789-500\S-1-5-21-2257104510-2920508377-1575172789-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2257104510-2920508377-1575172789-500\S-1-5-21-2257104510-2920508377-1575172789-500

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-299502267-1035525444-1417001333-500\S-1-5-21-299502267-1035525444-1417001333-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-299502267-1035525444-1417001333-500\S-1-5-21-299502267-1035525444-1417001333-500

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\PowerDVD DX\IEPG\IEPG

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\PowerDVD DX\IEPG\IEPG

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\Bluetooth Exchange Folder\Bluetooth Exchange Folder

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\Bluetooth Exchange Folder\Bluetooth Exchange Folder

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Found mount point : C:\WINDOWS\system32\ENU\ENU

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ENU\ENU

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Cannot access: C:\WINDOWS\system32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\system32\Test\Test

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Test\Test

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

Attempting to restore permissions of : C:\WINDOWS\system32\wbem\wmiprvse.exe

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Found mount point : C:\WINDOWS\system32\x64\x64

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\x64\x64

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\Temp\112D\112D

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\112D\112D

Found mount point : C:\WINDOWS\Temp\14F0\14F0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\14F0\14F0

Found mount point : C:\WINDOWS\Temp\1A1E\1A1E

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\1A1E\1A1E

Found mount point : C:\WINDOWS\Temp\1DD0\1DD0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\1DD0\1DD0

Found mount point : C:\WINDOWS\Temp\1DD4\1DD4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\1DD4\1DD4

Found mount point : C:\WINDOWS\Temp\1E22\1E22

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\1E22\1E22

Found mount point : C:\WINDOWS\Temp\1E25\1E25

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\1E25\1E25

Found mount point : C:\WINDOWS\Temp\1F32\1F32

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\1F32\1F32

Found mount point : C:\WINDOWS\Temp\1F36\1F36

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\1F36\1F36

Found mount point : C:\WINDOWS\Temp\2141\2141

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\2141\2141

Found mount point : C:\WINDOWS\Temp\2144\2144

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\2144\2144

Found mount point : C:\WINDOWS\Temp\2196\2196

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\2196\2196

Found mount point : C:\WINDOWS\Temp\21C3\21C3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\21C3\21C3

Found mount point : C:\WINDOWS\Temp\24E6\24E6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\24E6\24E6

Found mount point : C:\WINDOWS\Temp\24E9\24E9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\24E9\24E9

Found mount point : C:\WINDOWS\Temp\24F2\24F2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\24F2\24F2

Found mount point : C:\WINDOWS\Temp\24F5\24F5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\24F5\24F5

Found mount point : C:\WINDOWS\Temp\2D8F\2D8F

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\2D8F\2D8F

Found mount point : C:\WINDOWS\Temp\33D5\33D5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\33D5\33D5

Found mount point : C:\WINDOWS\Temp\4674\4674

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\4674\4674

Found mount point : C:\WINDOWS\Temp\467B\467B

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\467B\467B

Found mount point : C:\WINDOWS\Temp\471D\471D

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\471D\471D

Found mount point : C:\WINDOWS\Temp\4720\4720

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\4720\4720

Found mount point : C:\WINDOWS\Temp\5B2B\5B2B

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\5B2B\5B2B

Found mount point : C:\WINDOWS\Temp\5C34\5C34

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\5C34\5C34

Found mount point : C:\WINDOWS\Temp\6D83\6D83

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\6D83\6D83

Found mount point : C:\WINDOWS\Temp\78BA\78BA

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\78BA\78BA

Found mount point : C:\WINDOWS\Temp\7BB8\7BB8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\7BB8\7BB8

Found mount point : C:\WINDOWS\Temp\7F39\7F39

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\7F39\7F39

Found mount point : C:\WINDOWS\Temp\7F3C\7F3C

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\7F3C\7F3C

Found mount point : C:\WINDOWS\Temp\AC7\AC7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\AC7\AC7

Found mount point : C:\WINDOWS\Temp\BF1\BF1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\BF1\BF1

Found mount point : C:\WINDOWS\Temp\C1B\C1B

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\C1B\C1B

Found mount point : C:\WINDOWS\Temp\McAfeeLogs\McAfeeLogs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\McAfeeLogs\McAfeeLogs

Found mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Found mount point : C:\WINDOWS\Temp\TestEngDat64\TestEngDat64

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\TestEngDat64\TestEngDat64

Found mount point : C:\WINDOWS\WBEM\WBEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WBEM\WBEM

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



Finished!

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:13 PM

Posted 29 September 2009 - 07:37 PM

What about the Avenger log?



#11 funkecrates

funkecrates
  • Topic Starter

  • Members
  • 57 posts
  • Local time:09:13 AM

Posted 29 September 2009 - 07:37 PM

Avenger log


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:13 PM

Posted 29 September 2009 - 07:41 PM

  • Please download Junction.zip and save it, then unzip the contents to your desktop.
  • Go to Start >> Run, then Copy and paste the following command in the run box and click Ok.

    cmd /c "%userprofile%\desktop\junction.exe" -s c:\ >log.txt&log.txt& del log.txt

  • A command window opens and starts scanning the system. Wait until the log file log.txt opens. Copy and paste the contents in your next reply.

Next

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post back here with the following logs:
  • log.txt
  • MBAM log
Thanks



#13 funkecrates

funkecrates
  • Topic Starter

  • Members
  • 57 posts
  • Local time:09:13 AM

Posted 29 September 2009 - 08:02 PM

log text ...........mbam log is forthcoming


Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...

...

...

...

...

...

...

...

...

.
Failed to open \\?\c:\\Documents and Settings\COOPRO01.L099ADMN507885\Local Settings\Temp\f-downadup\f-downadup.exe: Access is denied.


..

...

...

...

...

...

...

...

...

...

...

...

...

...

...


Failed to open \\?\c:\\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe: Access is denied.


...

...

..
Failed to open \\?\c:\\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe: Access is denied.


.

...

...

...

...

...

...

.
Failed to open \\?\c:\\Program Files\McAfee\VirusScan Enterprise\engineserver.exe: Access is denied.



Failed to open \\?\c:\\Program Files\McAfee\VirusScan Enterprise\scan32.exe: Access is denied.



Failed to open \\?\c:\\Program Files\McAfee\VirusScan Enterprise\scncfg32.exe: Access is denied.


..

...

...

..
Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe: Access is denied.



Failed to open \\?\c:\\Program Files\Trend Micro\HijackThis\HijackThis.exe: Access is denied.


.


Failed to open \\?\c:\\Program Files\Windows Defender\MsMpEng.exe: Access is denied.


.
Failed to open \\?\c:\\System Volume Information\MountPointManagerRemoteDatabase: Access is denied.


..

.\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

..

...

...

...

...

...

...

...

#14 funkecrates

funkecrates
  • Topic Starter

  • Members
  • 57 posts
  • Local time:09:13 AM

Posted 29 September 2009 - 08:29 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2873
Windows 5.1.2600 Service Pack 3

9/29/2009 9:28:24 PM
mbam-log-2009-09-29 (21-28-24).txt

Scan type: Quick Scan
Objects scanned: 135286
Time elapsed: 21 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:13 PM

Posted 29 September 2009 - 08:43 PM

We need to reset the permissions of some files and folders that have been altered by malware.
  • Download Inherit.exe and save it on your Desktop.
  • Locate each of these files, then drag and drop them onto Inherit.exe

c:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
c:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
c:\Program Files\McAfee\VirusScan Enterprise\scncfg32.exe
c:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
c:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\Program Files\Windows Defender\MsMpEng.exe

  • When finished, click OK. You may remove Inherit.exe from your desktop.

Next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Edited by syler, 30 September 2009 - 06:36 AM.
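
Added example, not part of the thread and not any poster's own code: one way to triage Junction output like the log in post #13 before picking files for a permission reset, separating "Access is denied" failures from ordinary in-use locks and flagging junctions whose target is not a drive-letter path. The sample log is constructed in the format of that output, and the function names are this example's own.

```python
import re

# Constructed sample in the format of the Junction v1.05 output quoted above.
SAMPLE_LOG = r"""
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
...
.
Failed to open \\?\c:\\Program Files\ExampleAV\scanner.exe: Access is denied.
..
Failed to open \\?\c:\\System Volume Information\ExampleDatabase: Access is denied.
.\\?\c:\\WINDOWS\assembly\Example\1.0.0.0__0000: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_Example_1.0.0.0
Substitute Name: C:\WINDOWS\WinSxS\x86_Example_1.0.0.0
\\?\c:\\WINDOWS\Temp\AB12\AB12: JUNCTION
Print Name : \Device\__max++>\^
Substitute Name: \Device\__max++>\^
"""

# Progress dots can precede a record, so these two are used with search().
FAILED = re.compile(r"Failed to open \\\\\?\\(.+): (.+)$")
JUNCTION = re.compile(r"\\\\\?\\(.+): JUNCTION$")
SUBSTITUTE = re.compile(r"^Substitute Name\s*:\s*(.+)$")
# A junction normally resolves to a drive-letter path, optionally \??\-prefixed.
DRIVE_TARGET = re.compile(r"^(\\\?\?\\)?[A-Za-z]:\\")


def normalize(path):
    """Collapse the doubled backslash Junction prints after the drive letter."""
    return path.replace("\\\\", "\\")


def triage(log_text):
    """Return (denied, other_failures, junctions) parsed from the log text."""
    denied, other_failures, junctions = [], [], {}
    pending = None  # junction path still waiting for its Substitute Name line
    for raw in log_text.splitlines():
        line = raw.strip()
        failed = FAILED.search(line)
        if failed:
            path, reason = normalize(failed.group(1)), failed.group(2)
            # ACL problems are the review candidates; sharing violations on
            # files such as pagefile.sys are expected on a running system.
            (denied if "Access is denied" in reason else other_failures).append(path)
            continue
        junction = JUNCTION.search(line)
        if junction:
            pending = normalize(junction.group(1))
            continue
        target = SUBSTITUTE.match(line)
        if target and pending:
            junctions[pending] = target.group(1).strip()
            pending = None
    return denied, other_failures, junctions


def suspicious_junctions(junctions):
    """Junctions whose substitute name is not an ordinary drive-letter path."""
    return {p: t for p, t in junctions.items() if not DRIVE_TARGET.match(t)}
```

The denied list is a starting point for review, not a final answer: which entries actually need their permissions reset is still a judgement call for the person handling the cleanup.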





