HJT, MBAM, Rootrepeal (file scan), DDS, SuperAS, all not working!


  • This topic is locked
38 replies to this topic

#1 sstefano

Posted 23 August 2009 - 01:13 PM

Ok I give up... after 4 days of failed attempts at removing whatever infection I have, I must now turn to the experts.

I am running Windows XP Media Center Edition (SP3) on a Toshiba laptop. Here is what I've done so far after following related topics on this website.

-I've run Rootrepeal successfully in all areas BUT the file section (it scans for about a minute then disappears) in safe mode and normal.
-I can get MBAM to start by either renaming it or changing the permissions which get altered after every attempt to run, but unfortunately it too disappears after a 10-second attempt at scanning (in safe mode and normal).
-SAS attempts to scan and disappears (in safe mode and normal).
-DDS loads but gets hung up and does not output a log file (I've left it running for over an hour in safe mode and normal).
-HJT attempts to scan, then gives 2 errors, then disappears, though I am able to load the program by renaming it and changing permissions.

The trend seems to be the following: Not all, but several .exe spyware programs, unlocker.exe, iexplorer.exe, and a few others have run, then they stop working... the only way to open them again is to go to properties:security and ADD my normal permissions to the sole/existing EVERYBODY permission that is there.

(Following was done with a boot cd) I have scanned the file scecli.dll and nothing was found. Kaspersky found trojan.Win32 in sfcfiles.dll; the file is now removed. Spyware doctor found several registry entries containing trojan.FakeAlert, I have manually removed them all. I've run combofix and uninstalled it.

My regedit and folder options were disabled but I fixed that...

I am kind of gauging my success on getting MBAM, SAS, and rootrepeal to run successfully, which they are still not... Much of what I've done was from scanning through topics on your wonderful website; thank you guys very much for doing what you do! PLEASE HELP :thumbup2:

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/08/23 14:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6AF9000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79CB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB487F000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xB6C87000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xB70F9000 Size: 61440 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8ad9c990

#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xbaf23514

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xbaf12282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xbaf12474

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8ad9cc60

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xbaf23d00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xbaf23fb8

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xbaf223fa

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x8ad9ca08

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x8ad9c8a0

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xbaf24422

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8ad9caf8

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x8ad9c020

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8ad9cd50

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8ad9cb70

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xbaf237d8

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8ad9ccd8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8ad9ca80

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xbaf11f32

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8ad9cbe8

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8ad9c918

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x8aca3d20 Size: 289

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8aca3ca8 Size: 409

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x89bfcb50 Size: 563

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x89bfcad8 Size: 683

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x89c0fd30 Size: 723

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89c0fcb8 Size: 842

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a796020 Size: 1413

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a7960e8 Size: 1213

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x8a763ca8 Size: 862

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a763c30 Size: 977

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a78e678 Size: 2446

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a78e600 Size: 2561

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89be0b50 Size: 563

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89be0ad8 Size: 683

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a56e390 Size: 3184

Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a56e318 Size: 3304

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89bea9b0 Size: 1616

Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89bea938 Size: 1736

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x89bea8c0 Size: 1856

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a78c020 Size: 846

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a78c148 Size: 550

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a78c0d0 Size: 670

Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x89becd30 Size: 654

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89beccb8 Size: 774

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89becc40 Size: 894

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a78b880 Size: 1921

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a78b808 Size: 2041

Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0x8a78b790 Size: 2161

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x8a7580a8

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x8a7d9ab0

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x8a78f020

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x8a78f0a8

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x8a781268

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x8a7811f0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x8a758020

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x8a757fa8

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x8a75d078

==EOF==

Edited by sstefano, 23 August 2009 - 01:35 PM.



#2 sstefano

Posted 28 August 2009 - 04:36 PM

I do not mean to bump this topic but I think it was overlooked as many posts after August 23 have been answered already... Please, I really need help :thumbup2:

(I apologize if this is not the case and I will continue to wait patiently; again, I did not mean to bump this, sorry for any inconvenience)

Edited by sstefano, 28 August 2009 - 04:52 PM.


#3 SifuMike

    malware expert


  • Staff Emeritus

Posted 28 August 2009 - 06:41 PM

Hello sstefano,

It is not a good idea to "Bump" your post, as it will only delay help for your log. :thumbup2:

When selecting logs we generally use two criteria to look for unanswered logs.

1. We start from the oldest to the most recent. That means if you keep bumping, your log is at the top of the list, and since we do not work from the top, it will be looked at last!!

2. We look first for posts with no replies. A bump is a reply so you get pushed further down the response ladder.




Step 1

Download and run Win32kDiag:

Step 2

Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.

Please post back with:
  • Win32kDiag.txt
  • Content of the log.txt

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 sstefano

Posted 28 August 2009 - 09:27 PM

Win32K runs to a certain point then it says it encountered an error and needs to shut down... here is the log to that certain point...

Log file is located at: C:\Documents and Settings\Stiven Stefanoski\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\Downloaded Program Files\lang.ini

[1] 2009-05-08 12:02:40 7125 C:\WINDOWS\Downloaded Program Files\lang.ini ()



Cannot access: C:\WINDOWS\Downloaded Program Files\live.ini

[1] 2009-01-05 15:44:12 130 C:\WINDOWS\Downloaded Program Files\live.ini ()



Cannot access: C:\WINDOWS\Downloaded Program Files\oscan8.inf

[1] 2009-01-05 15:44:14 1177 C:\WINDOWS\Downloaded Program Files\oscan8.inf ()



Cannot access: C:\WINDOWS\Downloaded Program Files\oscan82.ocx

[1] 2009-05-07 16:56:24 656384 C:\WINDOWS\Downloaded Program Files\oscan82.ocx ()



Cannot access: C:\WINDOWS\Downloaded Program Files\scanoptions.tsi

[1] 2009-01-05 15:44:14 6828 C:\WINDOWS\Downloaded Program Files\scanoptions.tsi ()



Cannot access: C:\WINDOWS\ERUNT\SDFIX\Find.txt

[1] 2009-08-18 00:33:28 65 C:\WINDOWS\ERUNT\SDFIX\Find.txt ()



Cannot access: C:\WINDOWS\ERUNT\SDFIX\RemLat.txt

[1] 2009-08-18 00:10:49 0 C:\WINDOWS\ERUNT\SDFIX\RemLat.txt ()



Cannot access: C:\WINDOWS\ERUNT\SDFIX\report.txt

[1] 2009-08-18 01:27:35 9802 C:\WINDOWS\ERUNT\SDFIX\report.txt ()



Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\OfficeAssistant\Microsoft Office Tools\Microsoft Office Tools

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Options\CABS\CABS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Options\Install\Install

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\ERRORREP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-10 08:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PEV.exe

[1] 2009-08-23 03:09:13 229376 C:\WINDOWS\PEV.exe ()



Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe

[1] 2004-11-30 18:46:38 654848 C:\WINDOWS\$hf_mig$\KB873333\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 18:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:48 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:48 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:53:09 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB893066\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896688\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB899589\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-07-12 21:08:11 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935448\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB969497-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2005-10-20 20:56:16 798720 C:\WINDOWS\ehome\Update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe ()

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\e740a72458caa5dc68334c7afa82ebf3\update\update.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\10.tmp

[1] 2009-06-18 12:54:10 6144 C:\WINDOWS\system32\10.tmp ()



Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2995072899-1138964358-377049439-1005\S-1-5-21-2995072899-1138964358-377049439-1005

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3868997124-911790988-508925577-500\S-1-5-21-3868997124-911790988-508925577-500

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\CF16655.exe

[1] 2009-08-28 19:03:14 389120 C:\WINDOWS\system32\CF16655.exe ()



Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\XDM9AMPT\XDM9AMPT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\AOL\AOL

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{889A3C13-8ABD-4EFF-9D4F-3832B14D7682}\{889A3C13-8ABD-4EFF-9D4F-3832B14D7682}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\LMM4YXAF\static.twitter.com\flash\widgets\profile\TwitterWidget.swf\TwitterWidget.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\eHome\eHome

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Protector Suite\Protector Suite

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba\pcdiag\v3.0\Logs\Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver\PictureDir\PictureDir

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Enterprise\Enterprise

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\FastSearch\dictionaries\dictionaries

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\FastSearch\exceptions\exceptions

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar Cache\6.1.1518.856\en\en

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\thumbnails\thumbnails

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\urls\urls

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\Groove\System\System

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\Groove\User\User

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Yahoo\YMP\YMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Apps\2.0\48EL3BQ6.W7A\G1TB7MGO.K1X\manifests\manifests

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\{29916D6D-9E39-4682-85B4-B8B46B15B369}\{29916D6D-9E39-4682-85B4-B8B46B15B369}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\My Yahoo! Music\My Yahoo! Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Driver Cache\Driver Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\drivers\etc\HOSTS

--------------------------------------------------------------------------------------------------

Peek.bat will not run, but I did get it to run about 3-4 days ago with the following log:

Volume in drive C is SQ004224P01
Volume Serial Number is 782D-CCD2

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 08:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 08:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 08:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

#5 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:05:44 AM

Posted 28 August 2009 - 09:42 PM

This is not good! :thumbup2: The peek.bat is old so it shows me nothing. The Win32kDiag.exe log has been truncated so it does not show the data I need. :)

I may not be able to help you. :)

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text)
"%userprofile%\desktop\win32kdiag.exe" -f -r
into the "Open" box, and click OK.
When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with notepad and post the contents here.

Edited by SifuMike, 28 August 2009 - 09:43 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 SifuMike


Posted 28 August 2009 - 09:46 PM

"Peek.bat will not run, but I did get it to run about 3-4 days ago with the following log:"



Who told you to run peek.bat?
Have you been working with another forum?
Or trying to fix this yourself? Have you been deleting files?
If so, what files did you delete?

Edited by SifuMike, 28 August 2009 - 09:52 PM.


#7 sstefano

sstefano
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:44 AM

Posted 28 August 2009 - 11:27 PM

I was following the directions that were given to some other members with similar problems on this forum... I have not worked with another forum... I deleted scecli.dll, from 2 locations one was system32 folder the other I don't recall. I ran peek.bat a couple of days ago with my computer off since then so even though the log file is old, I have not touched anything since then...

I ran the command you've mentioned with the log posted below... again, the program encounters an error when it reaches the C:\WINDOWS\system32\drivers\etc\HOSTS location...

Log file is located at: C:\Documents and Settings\Stiven Stefanoski\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Cannot access: C:\WINDOWS\Downloaded Program Files\lang.ini

Attempting to restore permissions of : C:\WINDOWS\Downloaded Program Files\lang.ini

[1] 2009-05-08 12:02:40 7125 C:\WINDOWS\Downloaded Program Files\lang.ini ()



Cannot access: C:\WINDOWS\Downloaded Program Files\live.ini

Attempting to restore permissions of : C:\WINDOWS\Downloaded Program Files\live.ini

[1] 2009-01-05 15:44:12 130 C:\WINDOWS\Downloaded Program Files\live.ini ()



Cannot access: C:\WINDOWS\Downloaded Program Files\oscan8.inf

Attempting to restore permissions of : C:\WINDOWS\Downloaded Program Files\oscan8.inf

[1] 2009-01-05 15:44:14 1177 C:\WINDOWS\Downloaded Program Files\oscan8.inf ()



Cannot access: C:\WINDOWS\Downloaded Program Files\oscan82.ocx

Attempting to restore permissions of : C:\WINDOWS\Downloaded Program Files\oscan82.ocx

[1] 2009-05-07 16:56:24 656384 C:\WINDOWS\Downloaded Program Files\oscan82.ocx ()



Cannot access: C:\WINDOWS\Downloaded Program Files\scanoptions.tsi

Attempting to restore permissions of : C:\WINDOWS\Downloaded Program Files\scanoptions.tsi

[1] 2009-01-05 15:44:14 6828 C:\WINDOWS\Downloaded Program Files\scanoptions.tsi ()



Cannot access: C:\WINDOWS\ERUNT\SDFIX\Find.txt

Attempting to restore permissions of : C:\WINDOWS\ERUNT\SDFIX\Find.txt

[1] 2009-08-18 00:33:28 65 C:\WINDOWS\ERUNT\SDFIX\Find.txt ()



Cannot access: C:\WINDOWS\ERUNT\SDFIX\RemLat.txt

Attempting to restore permissions of : C:\WINDOWS\ERUNT\SDFIX\RemLat.txt

[1] 2009-08-18 00:10:49 0 C:\WINDOWS\ERUNT\SDFIX\RemLat.txt ()



Cannot access: C:\WINDOWS\ERUNT\SDFIX\report.txt

Attempting to restore permissions of : C:\WINDOWS\ERUNT\SDFIX\report.txt

[1] 2009-08-18 01:27:35 9802 C:\WINDOWS\ERUNT\SDFIX\report.txt ()



Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\Installer\OfficeAssistant\Microsoft Office Tools\Microsoft Office Tools

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\OfficeAssistant\Microsoft Office Tools\Microsoft Office Tools

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\Options\CABS\CABS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Options\CABS\CABS

Found mount point : C:\WINDOWS\Options\Install\Install

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Options\Install\Install

Found mount point : C:\WINDOWS\pchealth\ERRORREP\ERRORREP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\ERRORREP

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-10 08:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Cannot access: C:\WINDOWS\PEV.exe

Attempting to restore permissions of : C:\WINDOWS\PEV.exe

[1] 2009-08-23 03:09:13 229376 C:\WINDOWS\PEV.exe ()



Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe

[1] 2004-11-30 18:46:38 654848 C:\WINDOWS\$hf_mig$\KB873333\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 18:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:48 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:48 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:53:09 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB893066\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896688\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB899589\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-07-12 21:08:11 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935448\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB969497-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2005-10-20 20:56:16 798720 C:\WINDOWS\ehome\Update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\e740a72458caa5dc68334c7afa82ebf3\update\update.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Cannot access: C:\WINDOWS\system32\10.tmp

Attempting to restore permissions of : C:\WINDOWS\system32\10.tmp

[1] 2009-06-18 12:54:10 6144 C:\WINDOWS\system32\10.tmp ()



Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2995072899-1138964358-377049439-1005\S-1-5-21-2995072899-1138964358-377049439-1005

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2995072899-1138964358-377049439-1005\S-1-5-21-2995072899-1138964358-377049439-1005

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3868997124-911790988-508925577-500\S-1-5-21-3868997124-911790988-508925577-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3868997124-911790988-508925577-500\S-1-5-21-3868997124-911790988-508925577-500

Cannot access: C:\WINDOWS\system32\CF16655.exe

Attempting to restore permissions of : C:\WINDOWS\system32\CF16655.exe

[1] 2009-08-28 19:03:14 389120 C:\WINDOWS\system32\CF16655.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\cmd.exe

Attempting to restore permissions of : C:\WINDOWS\system32\cmd.exe

[1] 2004-08-10 08:00:00 388608 C:\WINDOWS\$NtServicePackUninstall$\cmd.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:14 389120 C:\WINDOWS\ServicePackFiles\i386\cmd.exe (Microsoft Corporation)

[2] 2009-08-22 20:28:46 389120 C:\WINDOWS\system32\CF11705.exe (Microsoft Corporation)

[2] 2009-08-28 19:03:14 389120 C:\WINDOWS\system32\CF16655.exe (Microsoft Corporation)

[2] 2009-08-28 21:59:55 389120 C:\WINDOWS\system32\CF18505.exe (Microsoft Corporation)

[2] 2009-08-24 19:04:36 389120 C:\WINDOWS\system32\CF2450.exe (Microsoft Corporation)

[2] 2009-08-22 20:06:14 389120 C:\WINDOWS\system32\CF7294.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:14 389120 C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\XDM9AMPT\XDM9AMPT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\XDM9AMPT\XDM9AMPT

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\AOL\AOL

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\AOL\AOL

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{889A3C13-8ABD-4EFF-9D4F-3832B14D7682}\{889A3C13-8ABD-4EFF-9D4F-3832B14D7682}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{889A3C13-8ABD-4EFF-9D4F-3832B14D7682}\{889A3C13-8ABD-4EFF-9D4F-3832B14D7682}

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\LMM4YXAF\static.twitter.com\flash\widgets\profile\TwitterWidget.swf\TwitterWidget.swf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\LMM4YXAF\static.twitter.com\flash\widgets\profile\TwitterWidget.swf\TwitterWidget.swf

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\eHome\eHome

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\eHome\eHome

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Protector Suite\Protector Suite

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Protector Suite\Protector Suite

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba\pcdiag\v3.0\Logs\Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba\pcdiag\v3.0\Logs\Logs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver\PictureDir\PictureDir

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver\PictureDir\PictureDir

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Enterprise\Enterprise

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Enterprise\Enterprise

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\FastSearch\dictionaries\dictionaries

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\FastSearch\dictionaries\dictionaries

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\FastSearch\exceptions\exceptions

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\FastSearch\exceptions\exceptions

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar Cache\6.1.1518.856\en\en

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar Cache\6.1.1518.856\en\en

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\thumbnails\thumbnails

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\thumbnails\thumbnails

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\urls\urls

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\urls\urls

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\Groove\System\System

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\Groove\System\System

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\Groove\User\User

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\Groove\User\User

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Yahoo\YMP\YMP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Yahoo\YMP\YMP

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Apps\2.0\48EL3BQ6.W7A\G1TB7MGO.K1X\manifests\manifests

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Apps\2.0\48EL3BQ6.W7A\G1TB7MGO.K1X\manifests\manifests

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\{29916D6D-9E39-4682-85B4-B8B46B15B369}\{29916D6D-9E39-4682-85B4-B8B46B15B369}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\{29916D6D-9E39-4682-85B4-B8B46B15B369}\{29916D6D-9E39-4682-85B4-B8B46B15B369}

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\My Yahoo! Music\My Yahoo! Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\My Yahoo! Music\My Yahoo! Music

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\Driver Cache\Driver Cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Driver Cache\Driver Cache

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Cannot access: C:\WINDOWS\system32\drivers\etc\HOSTS

Attempting to restore permissions of : C:\WINDOWS\system32\drivers\etc\HOSTS

#8 sstefano


Posted 28 August 2009 - 11:50 PM

Ok, even though peek.bat seemed to have not worked the last time I ran it (the dos windows appeared and disappeared), a new log file appeared on my desktop and it is the same as previously posted, here it is again (I did not run peek.bat after the last run command that you provided)

Volume in drive C is SQ004224P01
Volume Serial Number is 782D-CCD2

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 08:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 08:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 08:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Edited by sstefano, 29 August 2009 - 01:00 AM.


#9 SifuMike


Posted 29 August 2009 - 01:25 AM

I was following the directions that were given to some other members with similar problems on this forum... I have not worked with another forum... I deleted scecli.dll, from 2 locations one was system32 folder the other I don't recall.




I thought so. :thumbup2: Copying another person's fix is a recipe for disaster, as each fix is tailored to that specific computer.

Looks like you have mistakenly deleted some vital files needed to restore your computer.

I can't help you with this problem, this computer is beyond hope.

I recommend you reformat and reload. Next time don't copy another person's fix.

#10 sstefano


Posted 29 August 2009 - 01:53 AM

...I had the exact same logs and files as they had, I was not blindly deleting files... My computer is working fine I just can not run any scans as they either disappear or the permissions do not allow the scan as many others here have experienced...

So what you are saying is that there is no fix...?

EDIT: I was able to run win32kDiag.exe and it ran to completion! Here is the log... I tried running peek.bat afterwards but it gives me an error message regarding appropriate permissions... I hope this provides for an alternate path other than reformatting :thumbup2:

Log file is located at: C:\Documents and Settings\Stiven Stefanoski\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\system32\cmd.exe

[1] 2004-08-10 08:00:00 388608 C:\WINDOWS\$NtServicePackUninstall$\cmd.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:14 389120 C:\WINDOWS\ServicePackFiles\i386\cmd.exe (Microsoft Corporation)

[2] 2009-08-22 20:28:46 389120 C:\WINDOWS\system32\CF11705.exe (Microsoft Corporation)

[2] 2009-08-28 19:03:14 389120 C:\WINDOWS\system32\CF16655.exe (Microsoft Corporation)

[2] 2009-08-28 21:59:55 389120 C:\WINDOWS\system32\CF18505.exe (Microsoft Corporation)

[2] 2009-08-24 19:04:36 389120 C:\WINDOWS\system32\CF2450.exe (Microsoft Corporation)

[2] 2009-08-29 04:06:55 389120 C:\WINDOWS\system32\CF24877.exe (Microsoft Corporation)

[2] 2009-08-29 04:12:56 389120 C:\WINDOWS\system32\CF26056.exe (Microsoft Corporation)

[2] 2009-08-22 20:06:14 389120 C:\WINDOWS\system32\CF7294.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:14 389120 C:\WINDOWS\system32\cmd.exe ()



Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-10 08:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 60928 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\GroupPolicy\User\User

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\update\update

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-07-29 20:49:14 24281536 C:\WINDOWS\system32\MRT.exe ()



Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\Process.exe

[1] 2003-06-05 21:13:00 53248 C:\WINDOWS\system32\Process.exe ()



Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\ssiefr.EXE

[1] 2006-10-20 15:29:42 10240 C:\WINDOWS\system32\ssiefr.EXE ()



Cannot access: C:\WINDOWS\system32\tmp.txt

[1] 2009-08-18 23:17:34 0 C:\WINDOWS\system32\tmp.txt ()



Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\WRLogonNtf.dll

[1] 2006-10-20 15:29:42 209408 C:\WINDOWS\system32\WRLogonNtf.dll ()



Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\options\images\images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\tellafriend\offline\images\images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\buttons\buttons

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\dialogs\dialogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\dropdowns\dropdowns

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\htmldialog\htmldialog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\list\list

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\listMenu\listMenu

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\notification\notification

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\options_menu_button\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\preview\preview

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\scrollbar\scrollbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\searchWidget\searchWidget

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\selectors\selectors

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\shared_graphics\shared_graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\tray_scroller\tray_scroller

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\AdvancedOptions\AdvancedOptions

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\alerts\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\bookmarks\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\GeneralOptions\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\options\images\images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Autumn\Autumn

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Birthday\Birthday

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Chanukah\Chanukah

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Christmas\Christmas

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Halloween\Halloween

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\New Baby\New Baby

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\New Years\New Years

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Sports\Sports

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frame_template\frame_template

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\offline\images\images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\wizard\html\images\images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\wizard\tests\tests

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview2\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoviewVista\core\core

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoviewVista\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoviewVista\includes\includes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\popups\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\search\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\SelectorEditor\SelectorEditor

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\SkinChooser\SkinChooser

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\ThemeTemplates\Default\Default

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\ProgFiles\ProgFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\assets\colorSchemes\backgrounds\backgrounds

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\assets\graphics\tellafriend_offline\images\images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Amazon\core\core

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Amazon\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Amazon\includes\includes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\ThemeCustomizer\images\images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Weather\core\core

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Weather\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Weather\includes\includes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\production\automationScripts\automationScripts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\colorSchemes\backgrounds\backgrounds

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\graphics\barintro_images\barintro_images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\graphics\Includes\Includes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\graphics\tellafriend_offline\images\images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Amazon\core\core

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Amazon\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\options\images\images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\ThemeCustomizer\images\images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Weather\core\core

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Weather\graphics\graphics

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Weather\includes\includes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\ProgFiles\ProgFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\de\de

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\el\el

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\en\en

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\en-gb\en-gb

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\es\es

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\fi\fi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\fr\fr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\HTML\HTML

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\it\it

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\ja\ja

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\ko\ko

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\nl\nl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\no\no

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\pl\pl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\pt-br\pt-br

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\ru\ru

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\sv\sv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\th\th

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\tr\tr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\zh-cn\zh-cn

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\zh-tw\zh-tw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\el\el

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\en\en

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\en-gb\en-gb

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\es\es

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\fi\fi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\fr\fr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\HTML\HTML

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\it\it

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\ja\ja

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\ko\ko

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\nl\nl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\no\no

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\pl\pl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\pt-br\pt-br

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\ru\ru

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\sv\sv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\th\th

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\tr\tr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\zh-cn\zh-cn

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\zh-tw\zh-tw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu12C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu13D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu165.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu249.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu2F6.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu319.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu3DB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu4D6.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu50.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu5F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu60.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu64.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu6A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu6C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu6D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu6D0.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu6F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu88.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu96.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuAB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuCD.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ProdID\bases\bases

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\viewmgr\viewmgr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\vmgr\4294955451\4294955451

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\vmgr\490903\490903

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\vmgr\708927\708927

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^



Finished!

Edited by sstefano, 29 August 2009 - 03:47 AM.
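As an added example (not part of the original posts and not code from the Win32kDiag author), a short Python parser for the log format shown above: it tallies mount points by destination and lists inaccessible files whose live size differs from the ServicePackFiles copy. The sample lines are copied from the log above; the function names and the use of a size mismatch as a triage signal are assumptions of this example.

```python
import ntpath
import re
from collections import Counter

# Excerpt of lines copied from the Win32kDiag log posted above (blank lines dropped).
SAMPLE_LOG = r"""
Cannot access: C:\WINDOWS\system32\cmd.exe
[1] 2004-08-10 08:00:00 388608 C:\WINDOWS\$NtServicePackUninstall$\cmd.exe (Microsoft Corporation)
[1] 2008-04-13 20:12:14 389120 C:\WINDOWS\ServicePackFiles\i386\cmd.exe (Microsoft Corporation)
[1] 2008-04-13 20:12:14 389120 C:\WINDOWS\system32\cmd.exe ()
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-10 08:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 60928 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Driver Cache\Driver Cache
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\MRT.exe
[1] 2009-07-29 20:49:14 24281536 C:\WINDOWS\system32\MRT.exe ()
Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
"""

# "[n] date time size path (company)"; paths may contain spaces.
FILE_ROW = re.compile(
    r"^\[(\d+)\]\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(.+?)\s+\((.*)\)$"
)


def parse_win32kdiag(text):
    """Return (mounts, groups): mount point/destination pairs, and the file
    rows listed under each 'Cannot access:' header."""
    mounts, groups = [], {}
    current = None        # path named by the last 'Cannot access:' line
    pending_mount = None  # mount point still waiting for its destination line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Cannot access:"):
            current = line.split(":", 1)[1].strip()
            groups[current] = []
        elif line.startswith("Found mount point :"):
            pending_mount = line.split(":", 1)[1].strip()
            current = None
        elif line.startswith("Mount point destination :") and pending_mount:
            mounts.append((pending_mount, line.split(":", 1)[1].strip()))
            pending_mount = None
        else:
            m = FILE_ROW.match(line)
            if m and current is not None:
                groups[current].append({
                    "links": int(m.group(1)),
                    "timestamp": m.group(2),
                    "size": int(m.group(3)),
                    "path": m.group(4),
                    "company": m.group(5),
                })
    return mounts, groups


def summarize_mounts(mounts):
    """Count mount points per destination and how many repeat their parent's name."""
    def repeats_parent(path):
        parent, leaf = ntpath.split(path)
        return ntpath.basename(parent).lower() == leaf.lower()

    return {
        "total": len(mounts),
        "by_destination": dict(Counter(dest for _, dest in mounts)),
        "self_named": sum(1 for path, _ in mounts if repeats_parent(path)),
    }


def mismatched_system_files(groups):
    """List (path, live_size, reference_size) for inaccessible files whose size
    differs from the same-named copy under ServicePackFiles (triage assumption)."""
    findings = []
    for target, rows in groups.items():
        name = ntpath.basename(target).lower()
        live = next((r for r in rows if r["path"].lower() == target.lower()), None)
        ref = next(
            (r for r in rows
             if "\\servicepackfiles\\" in r["path"].lower()
             and ntpath.basename(r["path"]).lower() == name),
            None,
        )
        if live and ref and live["size"] != ref["size"]:
            findings.append((target, live["size"], ref["size"]))
    return findings


if __name__ == "__main__":
    mounts, groups = parse_win32kdiag(SAMPLE_LOG)
    print(summarize_mounts(mounts))
    for path, live, ref in mismatched_system_files(groups):
        print(f"{path}: live copy is {live} bytes, ServicePackFiles copy is {ref} bytes")
```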


#11 SifuMike


Posted 29 August 2009 - 09:38 AM

Well, the log you posted has given me some hope.

Let's try again.


Step 1

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text)

    "%userprofile%\desktop\win32kdiag.exe" -f -r

into the "Open" box, and click OK.
When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with notepad and post the contents here.

==========

Step 2

Please do this:
  • Click on the Start button, then click on Run...
  • In the empty "Open:" box provided, type cmd and press Enter
    • This will launch a Command Prompt window (looks like DOS).
  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

    copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\ /y
  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
  • Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"
    NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful.
  • Exit the Command Prompt window.
==========

Step 3

:thumbup2: Warning to others reading this thread!: The Avenger is a VERY POWERFUL program, and can easily be misused.
Certain misuses of this program can prevent your system from ever starting again.
For this reason, it is strongly recommended to use The Avenger only as directed and under qualified supervision.
We can accept no responsibility for damage caused by misuse of the program.
:)
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.

    Files to move:
    C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll
  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
==========

With your next post please provide:

* Win32kDiag.txt
* Avenger.txt

Edited by SifuMike, 29 August 2009 - 09:39 AM.


#12 sstefano


Posted 29 August 2009 - 10:40 AM

SifuMike,

That's excellent news and thank you very much for your help!

Here is the Win32kDiag.exe Log, with the Avenger.txt log below that...

------------------------------------Win32kDiag.txt-----------------------------------

Log file is located at: C:\Documents and Settings\Stiven Stefanoski\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\system32\cmd.exe

Attempting to restore permissions of : C:\WINDOWS\system32\cmd.exe

[1] 2004-08-10 08:00:00 388608 C:\WINDOWS\$NtServicePackUninstall$\cmd.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:14 389120 C:\WINDOWS\ServicePackFiles\i386\cmd.exe (Microsoft Corporation)

[2] 2009-08-22 20:28:46 389120 C:\WINDOWS\system32\CF11705.exe (Microsoft Corporation)

[2] 2009-08-28 19:03:14 389120 C:\WINDOWS\system32\CF16655.exe (Microsoft Corporation)

[2] 2009-08-28 21:59:55 389120 C:\WINDOWS\system32\CF18505.exe (Microsoft Corporation)

[2] 2009-08-24 19:04:36 389120 C:\WINDOWS\system32\CF2450.exe (Microsoft Corporation)

[2] 2009-08-29 04:06:55 389120 C:\WINDOWS\system32\CF24877.exe (Microsoft Corporation)

[2] 2009-08-29 04:12:56 389120 C:\WINDOWS\system32\CF26056.exe (Microsoft Corporation)

[2] 2009-08-22 20:06:14 389120 C:\WINDOWS\system32\CF7294.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:14 389120 C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-10 08:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 60928 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Found mount point : C:\WINDOWS\system32\GroupPolicy\User\User

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\GroupPolicy\User\User

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Found mount point : C:\WINDOWS\system32\Macromed\update\update

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Macromed\update\update

Cannot access: C:\WINDOWS\system32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe

[1] 2009-07-29 20:49:14 24281536 C:\WINDOWS\system32\MRT.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Cannot access: C:\WINDOWS\system32\Process.exe

Attempting to restore permissions of : C:\WINDOWS\system32\Process.exe

[1] 2003-06-05 21:13:00 53248 C:\WINDOWS\system32\Process.exe (http://www.beyondlogic.org)



Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Cannot access: C:\WINDOWS\system32\tmp.txt

Attempting to restore permissions of : C:\WINDOWS\system32\tmp.txt

[1] 2009-08-18 23:17:34 0 C:\WINDOWS\system32\tmp.txt ()



Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Cannot access: C:\WINDOWS\system32\WRLogonNtf.dll

Attempting to restore permissions of : C:\WINDOWS\system32\WRLogonNtf.dll

[1] 2006-10-20 15:29:42 209408 C:\WINDOWS\system32\WRLogonNtf.dll (Webroot Software, Inc.)



Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\options\images\images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\options\images\images

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\tellafriend\offline\images\images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\tellafriend\offline\images\images

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\buttons\buttons

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\buttons\buttons

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\dialogs\dialogs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\dialogs\dialogs

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\dropdowns\dropdowns

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\dropdowns\dropdowns

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\htmldialog\htmldialog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\htmldialog\htmldialog

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\list\list

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\list\list

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\listMenu\listMenu

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\listMenu\listMenu

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\notification\notification

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\notification\notification

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\options_menu_button\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\options_menu_button\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\preview\preview

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\preview\preview

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\scrollbar\scrollbar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\scrollbar\scrollbar

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\searchWidget\searchWidget

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\searchWidget\searchWidget

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\selectors\selectors

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\selectors\selectors

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\shared_graphics\shared_graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\shared_graphics\shared_graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\tray_scroller\tray_scroller

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\core\UI_elements\tray_scroller\tray_scroller

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\AdvancedOptions\AdvancedOptions

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\AdvancedOptions\AdvancedOptions

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\alerts\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\alerts\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\bookmarks\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\bookmarks\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\GeneralOptions\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\GeneralOptions\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\options\images\images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\options\images\images

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Autumn\Autumn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Autumn\Autumn

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Birthday\Birthday

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Birthday\Birthday

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Chanukah\Chanukah

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Chanukah\Chanukah

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Christmas\Christmas

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Christmas\Christmas

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Halloween\Halloween

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Halloween\Halloween

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\New Baby\New Baby

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\New Baby\New Baby

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\New Years\New Years

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\New Years\New Years

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Sports\Sports

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frames\Sports\Sports

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frame_template\frame_template

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\frame_template\frame_template

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\offline\images\images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\offline\images\images

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\wizard\html\images\images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\wizard\html\images\images

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\wizard\tests\tests

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview\wizard\tests\tests

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview2\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoview2\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoviewVista\core\core

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoviewVista\core\core

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoviewVista\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoviewVista\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoviewVista\includes\includes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\photoviewVista\includes\includes

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\popups\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\popups\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\search\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\search\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\SelectorEditor\SelectorEditor

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\SelectorEditor\SelectorEditor

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\SkinChooser\SkinChooser

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\features\SkinChooser\SkinChooser

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\ThemeTemplates\Default\Default

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\AllUsersData\SkinEngine\ThemeTemplates\Default\Default

Found mount point : C:\WINDOWS\Temp\0\Private\Runtime\ProgFiles\ProgFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Runtime\ProgFiles\ProgFiles

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\assets\colorSchemes\backgrounds\backgrounds

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\assets\colorSchemes\backgrounds\backgrounds

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\assets\graphics\tellafriend_offline\images\images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\assets\graphics\tellafriend_offline\images\images

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Amazon\core\core

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Amazon\core\core

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Amazon\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Amazon\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Amazon\includes\includes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Amazon\includes\includes

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\ThemeCustomizer\images\images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\ThemeCustomizer\images\images

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Weather\core\core

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Weather\core\core

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Weather\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Weather\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Weather\includes\includes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\features\Weather\includes\includes

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\production\automationScripts\automationScripts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Default\production\automationScripts\automationScripts

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\colorSchemes\backgrounds\backgrounds

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\colorSchemes\backgrounds\backgrounds

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\graphics\barintro_images\barintro_images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\graphics\barintro_images\barintro_images

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\graphics\Includes\Includes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\graphics\Includes\Includes

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\graphics\tellafriend_offline\images\images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\assets\graphics\tellafriend_offline\images\images

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Amazon\core\core

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Amazon\core\core

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Amazon\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Amazon\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\options\images\images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\options\images\images

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\ThemeCustomizer\images\images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\ThemeCustomizer\images\images

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Weather\core\core

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Weather\core\core

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Weather\graphics\graphics

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Weather\graphics\graphics

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Weather\includes\includes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\AllUsersData\ThemesV3\Windows\features\Weather\includes\includes

Found mount point : C:\WINDOWS\Temp\0\Private\Vendor\ProgFiles\ProgFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\0\Private\Vendor\ProgFiles\ProgFiles

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\de\de

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\de\de

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\el\el

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\el\el

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\en\en

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\en\en

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\en-gb\en-gb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\en-gb\en-gb

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\es\es

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\es\es

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\fi\fi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\fi\fi

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\fr\fr

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\fr\fr

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\HTML\HTML

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\HTML\HTML

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\it\it

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\it\it

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\ja\ja

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\ja\ja

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\ko\ko

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\ko\ko

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\nl\nl

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\nl\nl

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\no\no

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\no\no

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\pl\pl

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\pl\pl

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\pt-br\pt-br

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\pt-br\pt-br

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\ru\ru

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\ru\ru

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\sv\sv

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\sv\sv

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\th\th

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\th\th

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\tr\tr

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\tr\tr

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\zh-cn\zh-cn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\zh-cn\zh-cn

Found mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\zh-tw\zh-tw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gis8cabb\2.4.1368.5602\zh-tw\zh-tw

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\el\el

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\el\el

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\en\en

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\en\en

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\en-gb\en-gb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\en-gb\en-gb

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\es\es

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\es\es

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\fi\fi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\fi\fi

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\fr\fr

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\fr\fr

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\HTML\HTML

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\HTML\HTML

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\it\it

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\it\it

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\ja\ja

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\ja\ja

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\ko\ko

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\ko\ko

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\nl\nl

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\nl\nl

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\no\no

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\no\no

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\pl\pl

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\pl\pl

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\pt-br\pt-br

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\pt-br\pt-br

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\ru\ru

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\ru\ru

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\sv\sv

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\sv\sv

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\th\th

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\th\th

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\tr\tr

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\tr\tr

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\zh-cn\zh-cn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\zh-cn\zh-cn

Found mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\zh-tw\zh-tw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\gisd22bb\2.4.1536.6592\zh-tw\zh-tw

Found mount point : C:\WINDOWS\Temp\mcu12C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu12C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu13D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu13D.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu165.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu165.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu249.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu249.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu2F6.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu2F6.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu319.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu319.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu3DB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu3DB.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu4D6.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu4D6.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu50.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu50.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu5F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu5F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu60.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu60.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu64.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu64.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu6A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu6A.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu6C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu6C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu6D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu6D.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu6D0.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu6D0.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu6F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu6F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu88.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu88.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu96.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu96.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuAB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuAB.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuCD.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuCD.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\ProdID\bases\bases

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\ProdID\bases\bases

Found mount point : C:\WINDOWS\Temp\viewmgr\viewmgr

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\viewmgr\viewmgr

Found mount point : C:\WINDOWS\Temp\vmgr\4294955451\4294955451

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\vmgr\4294955451\4294955451

Found mount point : C:\WINDOWS\Temp\vmgr\490903\490903

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\vmgr\490903\490903

Found mount point : C:\WINDOWS\Temp\vmgr\708927\708927

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\vmgr\708927\708927

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2



Finished!






----------------------------------------Avenger.txt--------------------------------------------

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#13 SifuMike

Posted 29 August 2009 - 11:06 AM

Hi,


Please do the following.

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    :filefind 
    eventlog.dll
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.

Edited by SifuMike, 29 August 2009 - 11:06 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#14 sstefano

Posted 29 August 2009 - 11:41 AM

SystemLook v1.0 by jpshortstuff (28.08.09)
Log created at 12:11 on 29/08/2009 by Stiven Stefanoski (Administrator - Elevation successful)

========== filefind ==========

Searching for "eventlog.dll"
C:\Program Files\MATLAB\R2008b\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll --a--c 32890 bytes [18:50 13/12/2008] [21:22 23/01/2007] 4FA5D1120762802A741F374F8B391E69
C:\Program Files\Protector Suite QL\eventlog.dll --a--c 23552 bytes [22:50 05/05/2006] [22:50 05/05/2006] 885972DF728A6C0600C0133DCF7CDD78
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [03:39 03/10/2008] [12:00 10/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -----c 56320 bytes [01:35 24/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [14:02 15/02/2006] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

-=End Of File=-
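
The following is an added example, not part of the original posts and not code from SystemLook: it parses the `filefind` lines of the log above and reports which copies of eventlog.dll are identical in size and MD5 to the one in C:\WINDOWS\system32. The field names, the regular expression and the function names are assumptions made for this illustration.

```python
import re

# SystemLook ":filefind" lines copied from the log in the post above.
SYSTEMLOOK_LOG = r"""
Searching for "eventlog.dll"
C:\Program Files\MATLAB\R2008b\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll --a--c 32890 bytes [18:50 13/12/2008] [21:22 23/01/2007] 4FA5D1120762802A741F374F8B391E69
C:\Program Files\Protector Suite QL\eventlog.dll --a--c 23552 bytes [22:50 05/05/2006] [22:50 05/05/2006] 885972DF728A6C0600C0133DCF7CDD78
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [03:39 03/10/2008] [12:00 10/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -----c 56320 bytes [01:35 24/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [14:02 15/02/2006] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
-=End Of File=-
"""

# Assumed layout: path, 6-char attribute field, size, two timestamps, MD5.
# The page does not label the two timestamps, so they stay stamp1/stamp2.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(log):
    """Return one dict per file line; header and footer lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"], e["md5"] = int(e["size"]), e["md5"].upper()
            entries.append(e)
    return entries

def compare_to(entries, target_path):
    """Sort the other copies into same/different size+MD5 as the target."""
    target = next((e for e in entries if e["path"].lower() == target_path.lower()), None)
    if target is None:
        raise ValueError(f"{target_path} not present in log")
    same, different = [], []
    for e in entries:
        if e is not target:
            match = (e["md5"], e["size"]) == (target["md5"], target["size"])
            (same if match else different).append(e["path"])
    return target, same, different

if __name__ == "__main__":
    t, same, diff = compare_to(parse_filefind(SYSTEMLOOK_LOG), r"C:\WINDOWS\system32\eventlog.dll")
    print(f"{t['path']}  {t['size']} bytes  {t['md5']}")
    print("identical:", same)
    print("different:", diff)
```

A match with the ServicePackFiles copy shows only that the two files are byte-identical by size and MD5; it does not by itself establish where either copy came from.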

#15 SifuMike

Posted 29 August 2009 - 11:53 AM

Hi,

What antivirus are you running?

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

Edited by SifuMike, 29 August 2009 - 11:54 AM.




