
infected badly with Trojan-spy-win32.agent.azpj


  • This topic is locked
17 replies to this topic

#1 deltaplane

deltaplane

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:37 AM

Posted 14 September 2009 - 06:26 PM

I read the "how-to" post a request here, but I can't comply. I downloaded DDS and it does not run, and RootRepeal makes the computer crash every time I try to report on "files". I'm pasting the Kaspersky scan report, if it helps any. Thanks in advance, if anyone can help!

Attached Files





#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:37 PM

Posted 15 September 2009 - 06:57 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.




Please download and run Win32kDiag:
Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========

Please post the following logs in your next reply:

* Win32kDiag.txt
* Log.txt
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 deltaplane

deltaplane
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:37 AM

Posted 15 September 2009 - 11:56 PM

As requested, the 2 reports. Thank you very much for helping me Buckeye Sam, it is greatly appreciated!


Running from: C:\Documents and Settings\Jean Gagnon\Bureau\Win32kDiag.exe

Log file at : C:\Documents and Settings\Jean Gagnon\Bureau\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\GAC\ehiwmp\ehiwmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\ehExtCOM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\ehiExtens

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\ehiwmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP125.tmp\ZAP125.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP181.tmp\ZAP181.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP260.tmp\ZAP260.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27E.tmp\ZAP27E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\Setup\Backup\Backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPro\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPro\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPro\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\3.0.6920

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2006-03-25 00:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 22:34:06 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-13 22:34:06 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\28958669cb467547323447354f40c163\update\update.exe

[1] 2004-11-30 18:46:51 666624 C:\WINDOWS\$hf_mig$\KB873333\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:35:12 666624 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 18:29:59 666624 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:35:12 666624 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:35:12 666624 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:35:11 666624 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:35:12 666624 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:35:00 666624 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:52 666624 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:26 730336 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:22:11 666624 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:24 730336 C:\WINDOWS\$hf_mig$\KB893066\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:26 730336 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:24 730336 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:26 730336 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:24 730336 C:\WINDOWS\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:24 730336 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:26 730336 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:26 730336 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:24 730336 C:\WINDOWS\$hf_mig$\KB896727\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:24 730336 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:26 730336 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:26 730336 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:26 730336 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:26 730336 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:26 727776 C:\WINDOWS\$hf_mig$\KB901190\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:24 730336 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:26 730336 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:24 730336 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:26 730336 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:26 727776 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:26 727776 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 03:18:46 727776 C:\WINDOWS\$hf_mig$\KB911164\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:26 727776 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:26 727776 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:26 727776 C:\WINDOWS\$hf_mig$\KB913446\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:26 727776 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:18:46 727776 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:18:46 727776 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB920342\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:18:46 727776 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:26 727776 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:18:46 727776 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:18:46 727776 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:14 767352 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:18:46 727776 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:18:46 727776 C:\WINDOWS\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:18:46 727776 C:\WINDOWS\$hf_mig$\KB925720\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:18:46 727776 C:\WINDOWS\$hf_mig$\KB925876\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:26 727776 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:18:46 727776 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:26 727776 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-12-14 04:53:58 727776 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:26 727776 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:26 727776 C:\WINDOWS\$hf_mig$\KB928388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:26 727776 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB929969\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:26 727776 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:26 727776 C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:26 727776 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:26 727776 C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:26 727776 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:26 727776 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:19:06 767352 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:26 767352 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:43 767352 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:19:06 767352 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:19:06 767352 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:26 767352 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:26 767352 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:26 767352 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:19:06 767352 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:19:06 767352 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:40:26 767352 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:19:06 767352 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:40:26 767352 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:58 767352 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:40:26 767352 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:19:06 767352 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:19:06 767352 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:03:57 767352 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:19:06 767352 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:19:06 767352 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:40:26 767352 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:26 767352 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:14 767352 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:19:06 767352 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:58 767352 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:34:56 727776 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:58 767352 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:26 767352 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:40:26 767352 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:26 767352 C:\WINDOWS\$hf_mig$\KB961503\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:40:26 767352 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:40:26 767352 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:40:26 767352 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:40:26 767352 C:\WINDOWS\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:29 767352 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:26 767352 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:58 767352 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:40:26 767352 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:58 767352 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:58 767352 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:58 767352 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:03:57 767352 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:58 767352 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:58 767352 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:58 767352 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:03:57 767352 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:03:57 767352 C:\WINDOWS\$hf_mig$\KB973874-IE8\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:35:12 666624 C:\WINDOWS\$NtUninstallKB887472$\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:15:28 727776 C:\WINDOWS\SoftwareDistribution\Download\011cdeb527c0ded3735dde8070aaf659\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:03:57 767352 C:\WINDOWS\SoftwareDistribution\Download\279d9fce78c4febc4ee18ccd9dac8fc3\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:03:57 767352 C:\WINDOWS\SoftwareDistribution\Download\28958669cb467547323447354f40c163\update\update.exe ()

[1] 2005-10-12 19:15:26 727776 C:\WINDOWS\SoftwareDistribution\Download\550530d3b934e720deb3ca1851e75ba0\update\update.exe (Microsoft Corporation)

[1] 2008-05-06 16:16:28 767352 C:\WINDOWS\SoftwareDistribution\Download\a7a036db951391dc69f59b8ff102be6e\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:58 767352 C:\WINDOWS\SoftwareDistribution\Download\bd9c0ba4365eb1bda025a0659531108c\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 08:29:06 767352 C:\WINDOWS\SoftwareDistribution\Download\d2499aed5a5db41c79a6585ca1ed82f9\update\update.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-4230457578-3102116734-389135302-1005\S-1-5-21-4230457578-3102116734-389135302-1005

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-4230457578-3102116734-389135302-1006\S-1-5-21-4230457578-3102116734-389135302-1006

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\Original\Original

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\system.sav\system.sav

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{BDF7EC72-F3A9-45BC-B922-283671BB5E90}\{BDF7EC72-F3A9-45BC-B922-283671BB5E90}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Shockwave Player\dswMedia\dswMedia

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Shockwave Player\Prefs\2LBLRGC9\2LBLRGC9

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MixServices\MixServices

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MPEG3ImportExport\MPEG3ImportExport

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SoundImportExport\SoundImportExport

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWAImportExport\SWAImportExport

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\XMLParser\XMLParser

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Voisinage d'impression\Voisinage d'impression

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Voisinage réseau\Voisinage réseau

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2006-03-25 00:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 22:33:24 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 22:33:24 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 22:33:24 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\update\update

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-07-29 20:49:14 24281536 C:\WINDOWS\system32\MRT.exe ()



Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\RMBin\audiences\audiences

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\AVSETUP_49f79af6\AVSETUP_49f79af6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis1807c48\gis1807c48

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis1c23e35\gis1c23e35

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis20ad045\gis20ad045

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis6f808c4\gis6f808c4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisc8e39c\gisc8e39c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd60dab\gisd60dab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\GUM106.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\GUM33.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\GUM37.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\GUM5.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\GUM64.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\GUMC4.tmp\CrashReports\CrashReports

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Historique\History.IE5\History.IE5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Localized\ia64\ia64

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Localized\x64\x64

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Localized\x86\x86

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8PURWTM3\8PURWTM3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ODQFWDIR\ODQFWDIR

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S16JO5YJ\S16JO5YJ

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S9U3SLUF\S9U3SLUF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\VM326\Driver\Filter\Filter

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1.tmp\ZAP1.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP10.tmp\ZAP10.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP11.tmp\ZAP11.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP12.tmp\ZAP12.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP13.tmp\ZAP13.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP14.tmp\ZAP14.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP15.tmp\ZAP15.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP16.tmp\ZAP16.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP17.tmp\ZAP17.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP18.tmp\ZAP18.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP19.tmp\ZAP19.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1A.tmp\ZAP1A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1B.tmp\ZAP1B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1C.tmp\ZAP1C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1D.tmp\ZAP1D.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1E.tmp\ZAP1E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1F.tmp\ZAP1F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP2.tmp\ZAP2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP20.tmp\ZAP20.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP21.tmp\ZAP21.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP22.tmp\ZAP22.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP23.tmp\ZAP23.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP24.tmp\ZAP24.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP25.tmp\ZAP25.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP256.tmp\ZAP256.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP2B.tmp\ZAP2B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP2C.tmp\ZAP2C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP3.tmp\ZAP3.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP38.tmp\ZAP38.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP3A.tmp\ZAP3A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP3C.tmp\ZAP3C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP4.tmp\ZAP4.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP5.tmp\ZAP5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP6.tmp\ZAP6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP7.tmp\ZAP7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP8.tmp\ZAP8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP9.tmp\ZAP9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPA.tmp\ZAPA.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPB.tmp\ZAPB.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPC.tmp\ZAPC.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPD.tmp\ZAPD.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPE.tmp\ZAPE.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPE1.tmp\ZAPE1.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPF.tmp\ZAPF.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{4D36E96C-E325-11CE-BFC1-08002BE10318}0016\{4D36E96C-E325-11CE-BFC1-08002BE10318}0016

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{4D36E96D-E325-11CE-BFC1-08002BE10318}0000\{4D36E96D-E325-11CE-BFC1-08002BE10318}0000

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\twain_32\snp2uvc\snp2uvc

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^



Finished!


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 5D4D-2149

Répertoire de C:\WINDOWS\$NtServicePackUninstall$

2006-03-25 00:00 186 368 scecli.dll

Répertoire de C:\WINDOWS\$NtServicePackUninstall$

2006-03-25 00:00 407 040 netlogon.dll

Répertoire de C:\WINDOWS\$NtServicePackUninstall$

2006-03-25 00:00 55 808 eventlog.dll
3 fichier(s) 649 216 octets

Répertoire de C:\WINDOWS\ServicePackFiles\i386

2008-04-13 22:33 187 392 scecli.dll

Répertoire de C:\WINDOWS\ServicePackFiles\i386

2008-04-13 22:33 407 040 netlogon.dll

Répertoire de C:\WINDOWS\ServicePackFiles\i386

2008-04-13 22:33 56 320 eventlog.dll
3 fichier(s) 650 752 octets

Répertoire de C:\WINDOWS\system32

2008-04-13 22:33 187 392 scecli.dll

Répertoire de C:\WINDOWS\system32

2008-04-13 22:33 407 040 netlogon.dll

Répertoire de C:\WINDOWS\system32

2008-04-13 22:33 61 952 eventlog.dll
3 fichier(s) 656 384 octets

Total des fichiers listés :
9 fichier(s) 1 956 352 octets
0 Rép(s) 36 118 228 992 octets libres

#4 Buckeye_Sam (Malware Expert)
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 16 September 2009 - 07:47 AM

Please follow these steps first:
  • Click on the Start button, then click on Run...
  • In the empty "Open:" box provided, type cmd and press Enter
    • This will launch a Command Prompt window (looks like DOS).
  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

    copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\ /y

  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
  • Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"
    NOTE: If you didn't get this message, stop everything and come back and tell me first. Executing The Avenger script (step #2) won't work if the file copy was not successful.
  • Exit the Command Prompt window.

===============================
Next set of steps...


Please disable your antivirus program.
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.

    Files to move:
    C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll
  • In the Avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
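The Win32kDiag log pasted above carries the two signals the helper is acting on: every "Found mount point" entry resolves to the same unusual destination, and a file the tool "Cannot access" (eventlog.dll) is listed at a different size than the ServicePackFiles\i386 copy and with an empty company string. The post directly above then restores that file in two steps (stage the known-good copy at C:\ with cmd's copy, let The Avenger move it over the locked file at boot). The following is an added example, not code from Win32kDiag, The Avenger or anyone in this thread: it parses a log in this format, flags inaccessible files whose in-place copy differs from the Service Pack copy, and prints the same copy command and Avenger script for each flagged file that has a known-good copy. The line formats are inferred from the pasted log, the sample log is constructed from lines shown earlier in the thread, and it is an assumption here that a legitimate volume mount point resolves to a `\??\Volume{GUID}\` path, so anything else is reported for review rather than declared malicious.

```python
"""Triage a pasted Win32kDiag log: odd mount-point targets, and inaccessible
files whose in-place copy differs from the ServicePackFiles copy.
Added example; not Win32kDiag's own code."""
import re
from dataclasses import dataclass, field
from typing import Optional

# One "[n] date time size path (company)" line under a "Cannot access:" entry
# (format inferred from the lines pasted in this thread).
CANDIDATE_RE = re.compile(
    r"^\[\d+\] \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
    r"(?P<size>\d+) (?P<path>.+?) \((?P<company>.*)\)$"
)
REFERENCE_DIR = "\\servicepackfiles\\i386\\"   # known-good Service Pack copies
# Assumption: a legitimate volume mount point resolves to \??\Volume{GUID}\ ;
# any other target (such as the \Device\__max++>\^ seen above) gets reported.
VOLUME_PREFIX = "\\??\\volume{"

# Constructed sample, assembled from lines shown earlier in this thread.
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2006-03-25 00:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 22:33:24 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 22:33:24 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-13 22:33:24 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\MRT.exe
[1] 2009-07-29 20:49:14 24281536 C:\WINDOWS\system32\MRT.exe ()

Finished!
"""


@dataclass
class Candidate:
    size: int
    path: str
    company: str


@dataclass
class FileFinding:
    path: str                                   # file Win32kDiag could not access
    candidates: list = field(default_factory=list)
    reasons: list = field(default_factory=list)
    reference: Optional[Candidate] = None

    def in_place(self) -> Optional[Candidate]:
        """Listing entry for the inaccessible path itself."""
        return next((c for c in self.candidates
                     if c.path.lower() == self.path.lower()), None)


def parse(log_text):
    """Return (mount_points, findings) from the raw log text."""
    mount_points, findings = [], []
    pending_dir, current = None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue                            # the log pads every entry with blanks
        if line.startswith("Found mount point : "):
            pending_dir, current = line[len("Found mount point : "):], None
        elif line.startswith("Mount point destination : ") and pending_dir:
            mount_points.append((pending_dir, line[len("Mount point destination : "):]))
            pending_dir = None
        elif line.startswith("Cannot access: "):
            current = FileFinding(path=line[len("Cannot access: "):])
            findings.append(current)
        elif current is not None and (m := CANDIDATE_RE.match(line)):
            current.candidates.append(Candidate(int(m["size"]), m["path"], m["company"]))
        else:
            current = None                      # any other line closes the entry
    return mount_points, findings


def odd_mount_points(mount_points):
    """Mount points whose target is not a normal volume path (see assumption above)."""
    return [(d, t) for d, t in mount_points if not t.lower().startswith(VOLUME_PREFIX)]


def assess(findings):
    """Attach review reasons by comparing the in-place copy with the SP copy."""
    for f in findings:
        base = f.path.rsplit("\\", 1)[-1].lower()
        f.reference = next((c for c in f.candidates
                            if REFERENCE_DIR in c.path.lower()
                            and c.path.lower().endswith("\\" + base)), None)
        live = f.in_place()
        if live is None:
            f.reasons.append("no listing for the in-place file")
            continue
        if f.reference is None:
            f.reasons.append("no ServicePackFiles copy to compare")
        elif live.size != f.reference.size:
            f.reasons.append(f"size {live.size} differs from ServicePackFiles copy {f.reference.size}")
        if not live.company:
            f.reasons.append("no company string")
    return findings


def restore_plan(findings):
    """For each flagged file with a known-good SP copy, build the two-step restore
    used in this thread: stage the copy at the drive root with cmd's copy, then an
    Avenger 'Files to move' script swaps it in at boot. Returns (cmd_lines, script)."""
    cmd_lines, moves = [], []
    for f in findings:
        if f.reasons and f.reference is not None:
            cmd_lines.append(f"copy {f.reference.path} C:\\ /y")
            staged = "C:\\" + f.reference.path.rsplit("\\", 1)[-1]
            moves.append(f"{staged} | {f.path}")
    return cmd_lines, ("Files to move:\n" + "\n".join(moves)) if moves else ""


if __name__ == "__main__":
    mps, fs = parse(SAMPLE_LOG)
    for d, t in odd_mount_points(mps):
        print(f"odd mount point: {d} -> {t}")
    for f in assess(fs):
        print(f"{f.path}: {'; '.join(f.reasons)}")
    cmds, script = restore_plan(fs)
    print("\n".join(cmds) + "\n" + script)
```

Run it against a full pasted log instead of SAMPLE_LOG and the output is a review list, not a verdict: MRT.exe is flagged only because it has no Service Pack copy to compare against and no company string, which is why a human still decides what gets restored.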

#5 deltaplane (Topic Starter)
  • Members
  • 10 posts

Posted 16 September 2009 - 10:23 AM

What happens next?


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#6 Buckeye_Sam (Malware Expert)
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 16 September 2009 - 05:34 PM

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.



========================



Now delete any copy of combofix.exe that you have if you downloaded it previously.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#7 deltaplane (Topic Starter)
  • Members
  • 10 posts

Posted 16 September 2009 - 09:56 PM

Could not run win32kdiag from the bold text in your reply; it said the file was not there or was inaccessible, so I ran it from the icon on the desktop. Hope it is OK.



Running from: C:\Documents and Settings\Jean Gagnon\Bureau\Win32kDiag.exe

Log file at : C:\Documents and Settings\Jean Gagnon\Bureau\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\GAC\ehiwmp\ehiwmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\ehExtCOM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\ehiExtens

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\ehiwmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP125.tmp\ZAP125.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP181.tmp\ZAP181.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP260.tmp\ZAP260.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27E.tmp\ZAP27E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^


Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP15.tmp\ZAP15.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP16.tmp\ZAP16.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP17.tmp\ZAP17.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP18.tmp\ZAP18.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP19.tmp\ZAP19.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1A.tmp\ZAP1A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1B.tmp\ZAP1B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1C.tmp\ZAP1C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1D.tmp\ZAP1D.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1E.tmp\ZAP1E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP1F.tmp\ZAP1F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP2.tmp\ZAP2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP20.tmp\ZAP20.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP21.tmp\ZAP21.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP22.tmp\ZAP22.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP23.tmp\ZAP23.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP24.tmp\ZAP24.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP25.tmp\ZAP25.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP256.tmp\ZAP256.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP2B.tmp\ZAP2B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP2C.tmp\ZAP2C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP3.tmp\ZAP3.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP38.tmp\ZAP38.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP3A.tmp\ZAP3A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP3C.tmp\ZAP3C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP4.tmp\ZAP4.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP5.tmp\ZAP5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP6.tmp\ZAP6.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP7.tmp\ZAP7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP8.tmp\ZAP8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAP9.tmp\ZAP9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPA.tmp\ZAPA.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPB.tmp\ZAPB.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPC.tmp\ZAPC.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPD.tmp\ZAPD.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPE.tmp\ZAPE.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPE1.tmp\ZAPE1.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ZAPF.tmp\ZAPF.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{4D36E96C-E325-11CE-BFC1-08002BE10318}0016\{4D36E96C-E325-11CE-BFC1-08002BE10318}0016

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{4D36E96D-E325-11CE-BFC1-08002BE10318}0000\{4D36E96D-E325-11CE-BFC1-08002BE10318}0000

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\twain_32\snp2uvc\snp2uvc

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^



Finished!




ComboFix 09-09-16.02 - Jean Gagnon 2009-09-16 22:29.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1983.1245 [GMT -4:00]
Lancé depuis: c:\documents and settings\Jean Gagnon\Bureau\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{02A17452-B723-4A32-88A4-E1A1C9CCF1E8}\MapleStory.exe_02A17452B7234A3288A4E1A1C9CCF1E8.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{02A17452-B723-4A32-88A4-E1A1C9CCF1E8}\MapleStory.exe1_02A17452B7234A3288A4E1A1C9CCF1E8.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{678F8391-91CE-45B9-B5D9-9ADF4749AC1E}\DIYGuide.exe_D02FC39B7B91462B9CDC14D5084668AA.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{678F8391-91CE-45B9-B5D9-9ADF4749AC1E}\DIYGuide.exe1_D02FC39B7B91462B9CDC14D5084668AA.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{678F8391-91CE-45B9-B5D9-9ADF4749AC1E}\NewShortcut2_2C5B89A340B040318515113986D13457.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\documents and settings\Invité\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\documents and settings\Jean Gagnon\Mes documents\backup registre.reg
c:\program files\Fichiers communs\alg.exe
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Uninstall Fun Web Products.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\1a7c859.msp
c:\windows\Installer\256bd6.msp
c:\windows\Installer\3527b.msi
c:\windows\Installer\5bdef1.msi
c:\windows\kb913800.exe
c:\windows\pack.epk
c:\windows\sysgtime.dll
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\au3305arc.dll
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\windows\system32\winio.vxd
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((((((( Fichiers créés du 2009-08-17 au 2009-09-17 ))))))))))))))))))))))))))))))))))))

#8 Buckeye_Sam (Malware Expert)

Posted 17 September 2009 - 07:14 AM

Try this instead.

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\Bureau\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Also you only posted a portion of the combofix log.
Please post the entire log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 deltaplane (Topic Starter)

Posted 17 September 2009 - 07:41 AM

worked!

Running from: C:\Documents and Settings\Jean Gagnon\Bureau\win32kdiag.exe

Log file at : C:\Documents and Settings\Jean Gagnon\Bureau\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!



ComboFix 09-09-16.02 - Jean Gagnon 2009-09-16 22:29.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1983.1245 [GMT -4:00]
Lancé depuis: c:\documents and settings\Jean Gagnon\Bureau\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{02A17452-B723-4A32-88A4-E1A1C9CCF1E8}\MapleStory.exe_02A17452B7234A3288A4E1A1C9CCF1E8.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{02A17452-B723-4A32-88A4-E1A1C9CCF1E8}\MapleStory.exe1_02A17452B7234A3288A4E1A1C9CCF1E8.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{678F8391-91CE-45B9-B5D9-9ADF4749AC1E}\DIYGuide.exe_D02FC39B7B91462B9CDC14D5084668AA.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{678F8391-91CE-45B9-B5D9-9ADF4749AC1E}\DIYGuide.exe1_D02FC39B7B91462B9CDC14D5084668AA.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{678F8391-91CE-45B9-B5D9-9ADF4749AC1E}\NewShortcut2_2C5B89A340B040318515113986D13457.exe
c:\documents and settings\Charles Gagnon\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\documents and settings\Invité\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\documents and settings\Jean Gagnon\Mes documents\backup registre.reg
c:\program files\Fichiers communs\alg.exe
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Uninstall Fun Web Products.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\1a7c859.msp
c:\windows\Installer\256bd6.msp
c:\windows\Installer\3527b.msi
c:\windows\Installer\5bdef1.msi
c:\windows\kb913800.exe
c:\windows\pack.epk
c:\windows\sysgtime.dll
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\au3305arc.dll
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\windows\system32\winio.vxd
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((((((( Fichiers créés du 2009-08-17 au 2009-09-17 ))))))))))))))))))))))))))))))))))))
.

2009-09-08 02:09 . 2009-09-08 02:09 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-09-05 13:08 . 2009-09-05 18:32 -------- d-----w- c:\windows\BDOSCAN8
2009-09-05 12:41 . 2009-09-05 12:41 -------- d-----w- c:\program files\FileZilla FTP Client
2009-09-05 12:41 . 2009-09-05 12:41 -------- d-----w- c:\program files\quick3D Pro
2009-09-05 12:41 . 2009-09-05 12:41 -------- d-----w- c:\program files\Sound Cue System 9
2009-09-05 12:41 . 2009-09-05 12:41 -------- d-----w- c:\program files\FDRLab
2009-09-05 12:41 . 2009-09-05 12:41 -------- d-----w- c:\program files\tuxguitar-1.1-jet
2009-09-05 12:41 . 2009-09-05 12:41 -------- d-----w- c:\windows\system32\RMBin
2009-09-05 12:41 . 2009-09-05 12:41 -------- d-----w- c:\program files\SoftwareClub.ws
2009-09-05 03:52 . 2009-09-05 03:52 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2009-09-02 02:49 . 2009-09-02 02:49 -------- d-sh--w- c:\documents and settings\Jean Gagnon\IECompatCache
2009-09-01 02:45 . 2009-09-08 02:58 -------- d-----w- c:\program files\Veoh Networks
2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\documents and settings\Jean Gagnon\.thumbnails
2009-08-31 21:00 . 2009-08-31 21:01 -------- d-----w- c:\documents and settings\Jean Gagnon\.gimp-2.4
2009-08-29 04:17 . 2009-08-29 04:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-29 04:16 . 2009-08-29 04:16 -------- d-sh--w- c:\documents and settings\Jean Gagnon\PrivacIE
2009-08-29 04:13 . 2009-08-29 04:13 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-29 04:12 . 2009-08-29 04:12 -------- d-sh--w- c:\documents and settings\Jean Gagnon\IETldCache
2009-08-29 03:43 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-08-29 03:42 . 2009-08-29 03:42 -------- d-----w- c:\windows\ie8updates
2009-08-29 03:42 . 2009-07-03 16:57 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-08-29 03:42 . 2009-07-03 16:57 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-27 11:46 . 2009-08-28 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-21 03:57 . 2009-08-21 03:57 -------- d-----w- C:\f0cb8de5b81d7c6e82

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 23:19 . 2008-02-05 17:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 03:39 . 2007-01-09 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-08 03:12 . 2007-01-09 05:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-07 23:29 . 2007-11-26 00:59 -------- d-----w- c:\documents and settings\Jean Gagnon\Application Data\Skype
2009-09-07 23:27 . 2007-11-26 01:00 -------- d-----w- c:\documents and settings\Jean Gagnon\Application Data\skypePM
2009-09-07 23:17 . 2006-09-19 17:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-05 12:41 . 2009-07-19 06:12 -------- d-----w- c:\program files\Speed Gear
2009-09-04 19:17 . 2007-12-19 21:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-02 05:49 . 2009-09-02 05:49 691420 --sh--w- c:\documents and settings\Jean Gagnon\Application Data\cpx.exe
2009-08-24 03:22 . 2006-09-19 18:13 101336 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 04:02 . 2006-06-29 09:24 559798 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-21 04:02 . 2006-06-29 09:24 104706 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-17 02:10 . 2009-08-17 02:10 -------- d-----w- c:\documents and settings\Jean Gagnon\Application Data\DivX
2009-08-10 00:56 . 2009-08-10 00:56 -------- d-----w- c:\documents and settings\Charles Gagnon\Application Data\DivX
2009-08-10 00:55 . 2006-12-02 19:13 101336 ----a-w- c:\documents and settings\Charles Gagnon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 02:12 . 2009-04-29 00:12 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:00 . 2006-03-25 04:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 05:30 . 2006-09-19 18:48 -------- d-----w- c:\program files\DivX
2009-08-04 05:29 . 2009-08-04 05:29 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-08-03 19:31 . 2008-02-05 21:30 -------- d-----w- c:\program files\Microsoft Games
2009-08-03 19:20 . 2008-12-17 01:33 -------- d-----w- c:\documents and settings\Charles Gagnon\Application Data\U3
2009-08-02 22:02 . 2009-04-25 20:27 -------- d-----w- c:\program files\Diablo II
2009-07-31 18:34 . 2009-07-31 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Droppix
2009-07-31 18:33 . 2009-07-31 18:33 -------- d-----w- c:\program files\Fichiers communs\Droppix
2009-07-31 18:33 . 2009-07-31 18:33 -------- d-----w- c:\program files\Fichiers communs\LightScribe
2009-07-31 18:33 . 2009-07-31 18:33 -------- d-----w- c:\program files\Droppix
2009-07-31 18:27 . 2009-07-31 18:27 -------- d-----w- c:\program files\LightScribe
2009-07-31 15:26 . 2008-09-03 02:17 -------- d-----w- c:\documents and settings\Charles Gagnon\Application Data\Skype
2009-07-31 15:17 . 2008-09-03 02:20 -------- d-----w- c:\documents and settings\Charles Gagnon\Application Data\skypePM
2009-07-28 00:26 . 2009-06-27 23:20 -------- d-----w- c:\program files\FlashGet
2009-07-24 23:34 . 2009-07-22 19:56 -------- d-----w- c:\program files\MSECache
2009-07-17 19:03 . 2006-03-25 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 03:52 . 2009-07-17 03:52 70892 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-14 03:43 . 2006-03-25 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2006-03-25 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 00:16 . 2009-06-29 23:33 886 ----a-w- c:\windows\eReg.dat
2007-03-07 02:41 . 2007-03-07 02:41 251 ----a-w- c:\program files\wt3d.ini
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 68856]
"Google Update"="c:\documents and settings\Jean Gagnon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-08-30 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"FLMOFFICE4DMOUSE"="c:\program files\Labtec\moffice.exe" [2007-01-26 806912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-09-27 1617920]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-27 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-11-27 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Maple 9\\jre\\bin\\java.exe"=
"c:\\Program Files\\Maple 9\\bin.win\\mserver.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Wormux\\wormux.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Jean Gagnon\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\levillage3d\\aworld.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-28 108289]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-03-24 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-03-24 712048]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-12 24652]
S2 gupdate1c8e6d8fb018128;Google Update Service (gupdate1c8e6d8fb018128);c:\program files\Google\Update\GoogleUpdate.exe [2008-07-15 133104]
S3 0c23d850-fbb8-465c-9091-f8595149f34e;0c23d850-fbb8-465c-9091-f8595149f34e;\??\e:\cds300\cds300.dll --> e:\cds300\cds300.dll [?]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-06-06 61952]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;\??\c:\program files\Ufasoft\Sniffer\usft_sn4.sys --> c:\program files\Ufasoft\Sniffer\usft_sn4.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-09-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 22:57]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 00:34]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 00:34]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4230457578-3102116734-389135302-1005Core.job
- c:\documents and settings\Jean Gagnon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-30 00:34]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4230457578-3102116734-389135302-1005UA.job
- c:\documents and settings\Jean Gagnon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-30 00:34]

2009-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4230457578-3102116734-389135302-1006Core.job
- c:\documents and settings\Charles Gagnon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-22 21:28]

2009-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4230457578-3102116734-389135302-1006UA.job
- c:\documents and settings\Charles Gagnon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-22 21:28]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.rimouskiweb.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4B6E3013-6E45-11D0-9309-0020AFE05CC8} - hxxp://www.bitmanagement.de/download/cab_installer/BS_Contact_VRML.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Jean Gagnon\Application Data\Mozilla\Firefox\Profiles\ou939k8o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.libertel.org/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Jean Gagnon\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Lively\nplively.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-CHICHOLE - c:\docume~1\JEANGA~1\APPLIC~1\16DRVF~1\SaveMail.exe
HKLM-Run-close surf mail dupe - c:\documents and settings\All Users\Application Data\Tick Find Close Surf\TICK WAVE.exe
HKLM-Run-WinsysMon - c:\windows\system32\Client.exe
HKLM-Run-NetscapeClient - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 22:43
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3456)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\program files\Labtec\MOUDL32A.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\nexon\MapleStory\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\program files\Labtec\mouse32a.dat
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-09-17 22:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-17 02:50

Avant-CF: 35 746 553 856 octets libres
Après-CF: 36 577 923 072 octets libres

#10 Buckeye_Sam (Malware Expert)

Posted 17 September 2009 - 05:15 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 deltaplane (Topic Starter)

Posted 17 September 2009 - 05:58 PM

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2818
Windows 5.1.2600 Service Pack 3

2009-09-17 18:56:32
mbam-log-2009-09-17 (18-56-32).txt

Type de recherche: Examen rapide
Eléments examinés: 124213
Temps écoulé: 6 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\explorer.vbk (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#12 deltaplane (Topic Starter)

Posted 17 September 2009 - 06:13 PM

It seems to be acting a lot better. I searched with Google using Firefox, and it gave me what I was looking for, not redirecting. Internet Explorer and Spybot S&D are still not reachable. Since the infection, Windows Update tries to update to IE8, and it fails every time. Today, I disabled the automatic update so we could finish the clean-up without being disturbed by that.

If you can help me with those issues, it would be great. Also, can you recommend an anti-virus? I'm using the AntiVir free version, but now I am more than willing to pay for a program that will prevent what I've just been through.

Thanks a lot!!!

#13 deltaplane (Topic Starter)

Posted 17 September 2009 - 08:38 PM

I just did a complete system scan, and it found 6 more entries. Here's the log:

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2818
Windows 5.1.2600 Service Pack 3

2009-09-17 21:21:55
mbam-log-2009-09-17 (21-21-55).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 255982
Temps écoulé: 1 hour(s), 8 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Uninstall Fun Web Products.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP818\A0103803.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP818\A0103805.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP818\A0103911.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
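A small triage script for Malwarebytes logs in this format, added here as an example; it is not part of the thread and not Malwarebytes' own tooling. It parses the detection lines, checks the parsed count against the summary counters at the top of the log, and sorts each hit by where it lived: a registry key, a copy ComboFix had already quarantined under Qoobox, a System Restore point, or a file that was still live. That distinction is what decides how worried to be about a second scan like the one above. The sample log, the French-locale counter wording and the location heuristic are constructed assumptions for this example; the item paths are taken from the logs posted in this thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a trimmed Malwarebytes 1.41 log in the French locale, laid
# out like the logs posted in this thread (the item paths come from those logs).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2818
Windows 5.1.2600 Service Pack 3

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 255982

Processus mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Fichier(s) infecté(s): 4

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Uninstall Fun Web Products.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP818\A0103803.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP818\A0103805.exe (Trojan.Banker) -> Quarantined and deleted successfully.
"""

# A detection line has the shape "<item> (<detection name>) -> <action>".
DETECTION_RE = re.compile(r"^(?P<item>.*) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Summary counters are the "... infecté(s): N" lines (assumed French-locale wording).
SUMMARY_RE = re.compile(r"^(?P<label>[^:]*infect[^:]*): (?P<n>\d+)$")


def classify(item):
    """Where the detected object lived; the ordering is a heuristic for this example."""
    low = item.lower()
    if low.startswith("hkey_"):
        return "registry"
    if "\\system volume information\\_restore" in low:
        return "restore-point"   # inert unless that restore point is applied
    if "\\qoobox\\quarantine\\" in low:
        return "quarantine"      # already neutralised by ComboFix
    return "live-file"           # was still in place when MBAM ran


def parse_detections(log_text):
    hits = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append({"item": m["item"], "name": m["name"],
                         "action": m["action"], "location": classify(m["item"])})
    return hits


def summary_total(log_text):
    """Sum of the counters MBAM prints at the top; should equal the parsed hits."""
    matches = (SUMMARY_RE.match(line.strip()) for line in log_text.splitlines())
    return sum(int(m["n"]) for m in matches if m)


def triage_mbam(log_text):
    hits = parse_detections(log_text)
    families = defaultdict(set)
    for h in hits:
        families[h["name"]].add(h["location"])
    return {
        "total": len(hits),
        "summary_total": summary_total(log_text),
        "by_location": dict(Counter(h["location"] for h in hits)),
        "families": {name: sorted(locs) for name, locs in families.items()},
        "live_files": [h["item"] for h in hits if h["location"] == "live-file"],
    }


if __name__ == "__main__":
    for key, value in triage_mbam(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, four of the five hits are either a registry remnant, a ComboFix quarantine copy or a restore-point copy; only msimg32.dll under Windows Live Messenger was a live file, which is the one entry that would justify a closer look at that directory. A mismatch between `total` and `summary_total` means the log was truncated or the regex missed a line shape.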

#14 Buckeye_Sam (Malware Expert)

Posted 18 September 2009 - 07:05 AM

Nothing too bad there. Most of that was already quarantined or in your System Restore. We'll address both of those issues shortly.

We need to scan the system with this special tool.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens and starts scanning the system. Wait until a log file opens, then copy and paste or attach its content.


#15 deltaplane (Topic Starter)

Posted 18 September 2009 - 09:42 AM

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

Failed to open \\?\c:\\pagefile.sys: Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

..........
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\48f6cd1b56aa6a4cc7d95fbc382f75fd_4c0a0398-d19d-494b-a5cf-ca0a0d015bc8: Accès refusé.

......................................
Failed to open \\?\c:\\Documents and Settings\Jean Gagnon\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db: Accès refusé.

Failed to open \\?\c:\\Documents and Settings\Jean Gagnon\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow: Accès refusé.

................................................................
Failed to open \\?\c:\\Program Files\Internet Explorer\iexplore.exe: Accès refusé.

......................................
Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe: Accès refusé.

.............
Failed to open \\?\c:\\System Volume Information\MountPointManagerRemoteDatabase: Accès refusé.

..................
\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

...................................
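As an added example (not from the thread and not Sysinternals' code), a parser for Junction output that pulls out the reparse points and the "Failed to open" entries, and then separates two kinds of signal a helper would read this log for. Access denied in places Windows protects anyway (System Volume Information, the machine key store, CardSpace) is normal; access denied on ordinary executables under Program Files, such as iexplore.exe and SpybotSD.exe above, is not, and lines up with the poster's report that Internet Explorer and Spybot are unreachable. Junctions from the .NET GAC into WinSxS are expected on this kind of install; a junction pointing anywhere else is worth a look. The sample text, the locale strings taken to mean "access denied", the allowlist of expected denials and the GAC-to-WinSxS rule are all assumptions made for this example.

```python
# Constructed sample in the shape of the Junction v1.05 output posted above.
# The dots are the tool's progress markers; a dot glued to the front of a path
# is how they land once the output is pasted into a forum post.
SAMPLE = r"""Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
......
Failed to open \\?\c:\\Program Files\Internet Explorer\iexplore.exe: Accès refusé.
...
Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe: Accès refusé.
..
Failed to open \\?\c:\\System Volume Information\MountPointManagerRemoteDatabase: Accès refusé.
.\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
...
"""

# Locale-specific "access denied" wording (assumption: French and English builds).
DENIED_MARKERS = ("accès refusé", "access is denied")

# Locations Windows itself keeps locked against an interactive scan; a denial
# there is expected. Constructed allowlist for this example.
EXPECTED_DENIED = (
    "c:\\system volume information",
    "\\microsoft\\crypto\\",
    "\\microsoft\\cardspace\\",
)


def normalize(path):
    """Strip the \\\\?\\ prefix Junction prints and the doubled backslash after the drive."""
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return path.replace("\\\\", "\\")


def parse_junction_log(text):
    """Return (failures, junctions); each junction dict carries printname/substitutename."""
    failures, junctions = [], []
    current = None
    for raw in text.splitlines():
        line = raw.lstrip(".").strip()        # drop progress dots glued to the line
        if not line:
            continue
        if line.startswith("Failed to open "):
            path, _, msg = line[len("Failed to open "):].rpartition(": ")
            failures.append({"path": normalize(path), "msg": msg})
        elif line.endswith(": JUNCTION"):
            current = {"path": normalize(line[: -len(": JUNCTION")])}
            junctions.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            key = key.replace(" ", "").lower()  # "Print Name " -> "printname"
            if key in ("printname", "substitutename"):
                current[key] = value.strip()
    return failures, junctions


def is_denied(msg):
    return msg.lower().startswith(DENIED_MARKERS)


def triage_junction(text):
    failures, junctions = parse_junction_log(text)
    denied = [f["path"] for f in failures if is_denied(f["msg"])]
    unexpected_denied = [
        p for p in denied
        if not any(marker in p.lower() for marker in EXPECTED_DENIED)
    ]
    unexpected_junctions = []
    for j in junctions:
        src = j["path"].lower()
        dst = j.get("substitutename", "").lower()
        # .NET keeps GAC directories as junctions into WinSxS; anything else
        # redirecting a system path somewhere unexpected deserves a look.
        if not (src.startswith("c:\\windows\\assembly\\gac_")
                and dst.startswith("c:\\windows\\winsxs\\")):
            unexpected_junctions.append((j["path"], j.get("substitutename")))
    return {
        "junctions": len(junctions),
        "unexpected_junctions": unexpected_junctions,
        "denied": len(denied),
        "unexpected_denied": unexpected_denied,
    }


if __name__ == "__main__":
    for key, value in triage_junction(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports one junction (expected, GAC into WinSxS), three access-denied entries, and flags two of them: the Internet Explorer and Spybot executables. Files that are merely "in use" (hiberfil.sys, pagefile.sys) are kept out of the denied count by matching the message text rather than treating every failure alike.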