Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes/gmer/dds/root repeal won't run


  • This topic is locked This topic is locked
13 replies to this topic

#1 soniashannon

soniashannon

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:00 PM

Posted 08 September 2009 - 10:54 AM

Hello all,

I was looking through topics to see if anyone was having exactly the same problems as me and I came across a post by Alankate27. I followed the advice given by Garmanma to download Win32kDiag, and since it was the only thing that’s actually worked for me, I’m following his advice. I’m pretty much of a noob, so forgive me if I say stupid things.
With the research I’ve done over the last few days, I’m pretty confident that I have some nasty rootkit thing happening. Mbam, gmer, spybot S&D, root repeal, Dr. Web etc. all download and run for a second, then die, and when I try to re-run them I’m told that I don’t have permission to do that. I'm also getting redirected from google searches. I’m (mostly) resigned to reinstalling my OS, so I went ahead and downloaded Avast just for laughs. It scanned and found a bunch of stuff which I got rid of, but the anti-virals still won’t work, so I think I still have rootkit(s).
Since Win32kDiag was the only thing that worked, here’s the log:



Log file is located at: C:\Documents and Settings\Owner-pc\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB956572\KB956572
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB956803\KB956803
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB957097\KB957097
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB961501\KB961501
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB967715\KB967715
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB971633\KB971633
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP202.tmp\ZAP202.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DC.tmp\ZAP2DC.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Minidump\Minidump
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\ERRORREP
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Logs\Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\repair\Backup\BootableSystemState\BootableSystemState
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\security\logs\logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Adobe\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{BCA09563-C703-4394-AD3A-AACACC74E314}\{BCA09563-C703-4394-AD3A-AACACC74E314}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3519928212-3014706299-3887354751-1003\S-1-5-21-3519928212-3014706299-3887354751-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-448539723-606747145-1801674531-1003\S-1-5-21-448539723-606747145-1801674531-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3519928212-3014706299-3887354751-1003\S-1-5-21-3519928212-3014706299-3887354751-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-448539723-606747145-1801674531-1003\S-1-5-21-448539723-606747145-1801674531-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\12.0\12.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Portable Devices\Portable Devices
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft Help\Microsoft Help
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\System Tools\System Tools
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\dumprep.exe
[1] 2008-04-14 08:00:00 10752 C:\WINDOWS\system32\dllcache\dumprep.exe (Microsoft Corporation)
[1] 2008-04-14 08:00:00 10752 C:\WINDOWS\system32\dumprep.exe ()

Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-14 08:00:00 56320 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 08:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 08:00:00 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\GroupPolicy\ADM\ADM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Lang\Lang
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\LogFiles\LogFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust\FlashPlayerTrust
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\XPSEP\amd64\amd64
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Stack\images\images
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\mof\good\good
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\x64\x64
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\_avast4_\_avast4_
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^

Finished!

EDIT:
I was able to run RootRepeal for everything but 'files', so here's the log of that:



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/08 16:41
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9EEA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BD6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9081000 Size: 49152 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF7924000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xA9F92000 Size: 61440 File Visible: No Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Module [Name: UACyxgphhmxsl.dll]
Process: svchost.exe (PID: 1096) Address: 0x00760000 Size: 77824

Object: Hidden Module [Name: UACsunerjddiq.dll]
Process: svchost.exe (PID: 1096) Address: 0x00b10000 Size: 73728

Object: Hidden Module [Name: UACc2a5.tmpiwgosr.dll]
Process: svchost.exe (PID: 1096) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UACyxgphhmxsl.dll]
Process: explorer.exe (PID: 3368) Address: 0x10000000 Size: 77824

Object: Hidden Module [Name: UACroemiwgosr.dll]
Process: Iexplore.exe (PID: 2636) Address: 0x10000000 Size: 217088

Object: Hidden Module [Name: UACroemiwgosr.dll]
Process: Iexplore.exe (PID: 1708) Address: 0x10000000 Size: 217088

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACqqvqorydhg.sys

==EOF==

Edited by soniashannon, 08 September 2009 - 03:43 PM.


BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:00 AM

Posted 10 September 2009 - 12:27 PM

Please download The Avenger by Swandog46 and unzip it to your Desktop


Please open The Avenger. Then, please copy/paste the script inside the codebox into the Input script here: box..

Begin copying here:
Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  • Now, click on Execute. Just say Yes at every prompted
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengers actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please copy/paste the content of c:\avenger.txt into your reply.



NEXT


Go to Start >> Run >> copy/paste below >> Enter. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 soniashannon

soniashannon
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:00 PM

Posted 10 September 2009 - 05:42 PM

Hey,
Thanks so much for taking me on, and let me just say, your avatar is most excellent =D


Step one

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

step 2

I couldn't get this step working as you instructed. I went ahead on to the Combofix bit before I remembered that my downloader had saved Win32kDiag to a different folder. I ran it after doing Combofix and this is what I got (I'm really sorry if I've completely messed up.)

Log file is located at: C:\Documents and Settings\Owner-pc\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB956572\KB956572

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB956803\KB956803

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB957097\KB957097

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB961501\KB961501

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB967715\KB967715

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971633\KB971633

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB971961\KB971961

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB972260-IE8\KB972260-IE8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB973874-IE8\KB973874-IE8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP133.tmp\ZAP133.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15E.tmp\ZAP15E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP202.tmp\ZAP202.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DC.tmp\ZAP2DC.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4B.tmp\ZAP4B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\ERRORREP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Logs\Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\repair\Backup\BootableSystemState\BootableSystemState

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 09:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\0f4651f0d7e6cb55f0a983df3c4744d0\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\122ece420ea2cadf18cdf04c90b6d8f1\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\12e31c1143e5f70785d44c867e7b3e13\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe ()

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\491a2c8e1582f5cdd01f8b3da4b8ef7d\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\SoftwareDistribution\Download\66004d0acd607f44c08ee787c065c450\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe ()

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a3070aa22efa6c72b3f657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\963193362d99ddbedffb21408a40248b\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\aa0fb978e2349db3550eea285e93f7f0\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\ab02de9444a68e46b9d94dbc7903bc14\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d492dac6f594bf63184cb839b64eb87d\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d74289c815a4c14cbe709a0654bda77e\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\d78980f289ff5cbd790156e5d1e92d28\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fa2ebe7f385da369070f93700f340c57\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\update\update.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 09:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\0f4651f0d7e6cb55f0a983df3c4744d0\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\122ece420ea2cadf18cdf04c90b6d8f1\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\12e31c1143e5f70785d44c867e7b3e13\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe ()

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\491a2c8e1582f5cdd01f8b3da4b8ef7d\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\SoftwareDistribution\Download\66004d0acd607f44c08ee787c065c450\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe ()

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a3070aa22efa6c72b3f657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\963193362d99ddbedffb21408a40248b\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\aa0fb978e2349db3550eea285e93f7f0\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\ab02de9444a68e46b9d94dbc7903bc14\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d492dac6f594bf63184cb839b64eb87d\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d74289c815a4c14cbe709a0654bda77e\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\d78980f289ff5cbd790156e5d1e92d28\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fa2ebe7f385da369070f93700f340c57\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\update\update.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 09:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\0f4651f0d7e6cb55f0a983df3c4744d0\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\122ece420ea2cadf18cdf04c90b6d8f1\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\12e31c1143e5f70785d44c867e7b3e13\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe ()

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\491a2c8e1582f5cdd01f8b3da4b8ef7d\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\SoftwareDistribution\Download\66004d0acd607f44c08ee787c065c450\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe ()

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a3070aa22efa6c72b3f657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\963193362d99ddbedffb21408a40248b\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\aa0fb978e2349db3550eea285e93f7f0\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\ab02de9444a68e46b9d94dbc7903bc14\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d492dac6f594bf63184cb839b64eb87d\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d74289c815a4c14cbe709a0654bda77e\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\d78980f289ff5cbd790156e5d1e92d28\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fa2ebe7f385da369070f93700f340c57\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\update\update.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{BCA09563-C703-4394-AD3A-AACACC74E314}\{BCA09563-C703-4394-AD3A-AACACC74E314}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3519928212-3014706299-3887354751-1003\S-1-5-21-3519928212-3014706299-3887354751-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-448539723-606747145-1801674531-1003\S-1-5-21-448539723-606747145-1801674531-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3519928212-3014706299-3887354751-1003\S-1-5-21-3519928212-3014706299-3887354751-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-448539723-606747145-1801674531-1003\S-1-5-21-448539723-606747145-1801674531-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\12.0\12.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Portable Devices\Portable Devices

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft Help\Microsoft Help

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\System Tools\System Tools

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2008-04-14 08:00:00 10752 C:\WINDOWS\system32\dllcache\dumprep.exe (Microsoft Corporation)

[1] 2008-04-14 08:00:00 10752 C:\WINDOWS\system32\dumprep.exe ()



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\GroupPolicy\ADM\ADM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Lang\Lang

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\LogFiles\LogFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust\FlashPlayerTrust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe ()



Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\quicktime\quicktime

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\XPSEP\amd64\amd64

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Stack\images\images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\x64\x64

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^



Finished!

step 3

ComboFix 09-09-10.01 - Owner-pc 09/10/2009 18:18.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.732 [GMT -4:00]
Running from: c:\documents and settings\Owner-pc\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner-pc\LOCALS~1\Temp\{2BD3661D-1384-4EF4-9E5C-DFDB8EE6E3EA}\spideragent_set.exe
c:\documents and settings\Owner-pc\Local Settings\Temp\{2BD3661D-1384-4EF4-9E5C-DFDB8EE6E3EA}\spideragent_set.exe
c:\windows\system32\1461z5ackt9ol30c.ocx
c:\windows\system32\1525h5ckt9olz86.exe
c:\windows\system32\1596vz925395.ocx
c:\windows\system32\1814hack95ol1zd.dll
c:\windows\system32\2495thief2z169.ocx
c:\windows\system32\2542spambo9zd8.exe
c:\windows\system32\2552dow5load9r14z9.ocx
c:\windows\system32\2590steal1957z.dll
c:\windows\system32\2954thi9f889z.dll
c:\windows\system32\3169v5z3154.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\4956no5-a-vizus4c9.exe
c:\windows\system32\5275hackzoole9.exe
c:\windows\system32\5328vi9us8z.exe
c:\windows\system32\593e5hzef891.dll
c:\windows\system32\603eaddz9re1625.dll
c:\windows\system32\643zpy9are1675.dll
c:\windows\system32\656dt9ief174z.ocx
c:\windows\system32\679adzware2858.ocx
c:\windows\system32\697zaddware3533.ocx
c:\windows\system32\722addware32z95.ocx
c:\windows\system32\754bt5rez91974.ocx
c:\windows\system32\769cste5l2489z.exe
c:\windows\system32\769ddownl5ader191z.dll
c:\windows\system32\902bthie51432z.exe
c:\windows\system32\961zh5ef861.ocx
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\df1add5zre269.ocx
c:\windows\system32\drivers\UACqqvqorydhg.sys
c:\windows\system32\drivers\ytasfwwqwbrsng.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\edad59are188z.exe
c:\windows\system32\ffzp5war9417.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\net.net
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\systeminfo3.dll
c:\windows\system32\tmp.reg
c:\windows\system32\UACcosddlynlw.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkljqjiejmm.dat
c:\windows\system32\UAClgyutaknys.dll
c:\windows\system32\UACroemiwgosr.dll
c:\windows\system32\UACsunerjddiq.dll
c:\windows\system32\UACyxgphhmxsl.dll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 21:28 . 2009-09-10 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-10 18:51 . 2009-09-10 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-10 18:51 . 2009-09-10 18:51 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-10 18:51 . 2009-09-10 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-08 23:04 . 2009-09-08 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 22:07 . 2009-09-08 22:13 -------- d-----w- c:\documents and settings\Owner-pc\Local Settings\Application Data\Freelang Dictionary
2009-09-08 20:35 . 2009-09-08 20:35 0 ----a-w- c:\documents and settings\Owner-pc\settings.dat
2009-09-08 19:31 . 2009-09-08 19:31 -------- d-----w- C:\School
2009-09-08 19:31 . 2009-09-08 19:31 -------- d-----w- C:\Fall '09
2009-09-08 19:31 . 2009-09-08 19:31 -------- d-----w- C:\Entertainment
2009-09-08 19:31 . 2009-09-08 19:31 -------- d-----w- C:\Misc
2009-09-08 19:31 . 2009-09-08 19:31 -------- d-----w- C:\Net
2009-09-08 19:31 . 2009-09-08 19:31 -------- d-----w- C:\Life
2009-09-08 19:29 . 2009-09-08 19:29 -------- d-sh--w- c:\documents and settings\Owner-pc\PrivacIE
2009-09-08 19:29 . 2009-09-08 19:29 -------- d-sh--w- c:\documents and settings\Owner-pc\IETldCache
2009-09-08 19:29 . 2009-09-08 19:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-08 19:25 . 2009-09-08 21:11 940784 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-08 19:19 . 2009-06-29 16:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-09-08 19:19 . 2009-06-29 16:23 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-09-07 15:45 . 2009-09-07 15:46 -------- d-----w- C:\7827fea5a176221b7d
2009-09-07 15:44 . 2009-09-07 15:52 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-07 15:39 . 2009-09-07 15:39 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2009-09-07 15:38 . 2009-09-08 21:10 -------- d--h--w- c:\windows\$hf_mig$
2009-09-06 06:34 . 2009-09-06 06:34 2 --shatr- c:\windows\winstart.bat
2009-09-06 06:33 . 2009-09-06 06:36 35040 ----a-w- c:\windows\system32\Partizan.exe
2009-09-06 06:33 . 2009-09-06 06:36 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-09-06 06:02 . 2009-06-29 16:23 459264 -c--a-w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-06 06:02 . 2009-06-29 16:23 268288 -c--a-w- c:\windows\system32\dllcache\iertutil.dll
2009-09-06 06:02 . 2009-06-29 16:23 52224 -c--a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-06 06:02 . 2009-06-29 16:23 63488 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2009-09-06 06:02 . 2009-06-29 11:25 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-09-06 06:02 . 2009-06-29 16:23 380928 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2009-09-06 06:02 . 2009-06-29 08:33 2452872 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2009-09-06 06:02 . 2009-07-19 13:31 6070784 -c--a-w- c:\windows\system32\dllcache\ieframe.dll
2009-09-06 06:00 . 2009-02-06 11:03 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-06 06:00 . 2009-02-06 10:30 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-06 05:59 . 2009-02-06 10:30 2066176 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-09-06 05:59 . 2008-10-24 11:41 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-06 05:54 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-06 05:20 . 2009-09-06 05:20 -------- d-----w- c:\program files\Alwil Software
2009-09-06 05:06 . 2009-09-06 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-09-06 04:47 . 2009-09-06 06:26 -------- d-----w- c:\program files\Panda Security
2009-09-06 03:41 . 2009-09-08 16:22 -------- d-----w- C:\!KillBox
2009-09-05 20:03 . 2009-09-05 22:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-05 17:57 . 2009-07-15 18:19 103288 ----a-w- c:\windows\system32\drivers\dwprot.sys
2009-09-05 17:57 . 2009-09-05 17:57 -------- d-----w- c:\program files\Common Files\Doctor Web
2009-09-05 17:57 . 2009-09-05 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Doctor Web
2009-09-05 17:57 . 2009-09-05 19:03 -------- d-----w- c:\program files\DrWeb
2009-09-05 00:50 . 2009-09-05 04:31 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\IObit
2009-09-05 00:50 . 2009-09-05 00:50 -------- d-----w- c:\program files\IObit
2009-09-04 03:59 . 2009-09-05 17:49 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\Uniblue
2009-09-04 03:36 . 2009-09-06 04:35 -------- d-----w- c:\program files\RegGenie
2009-09-04 03:36 . 2009-07-01 21:13 161816 ----a-w- c:\windows\RegGenieOnUninstall.exe
2009-09-04 02:47 . 2009-09-05 18:21 -------- d-----w- c:\documents and settings\Owner-pc\DoctorWeb
2009-09-04 01:37 . 2009-09-04 01:37 68096 ----a-w- c:\windows\system32\drivers\uijxouqduyfvnnti.sys
2009-09-04 01:37 . 2009-09-04 01:37 -------- d-----w- C:\spoolerlogs
2009-09-04 01:27 . 2009-09-04 01:27 68096 ----a-w- c:\windows\system32\drivers\rbqhpmbitnwxrrxe.sys
2009-09-03 06:17 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-03 06:17 . 2009-09-03 06:17 -------- d-----w- c:\program files\iPod
2009-09-03 05:24 . 2009-09-04 01:37 -------- d--h--w- c:\windows\PIF
2009-09-02 22:27 . 2009-09-04 03:49 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMonkey
2009-09-02 19:37 . 2009-09-04 03:49 -------- d-----w- c:\documents and settings\Owner-pc\Local Settings\Application Data\MediaMonkey
2009-08-31 19:49 . 2008-04-14 04:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-08-31 19:49 . 2008-04-14 04:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-08-27 03:45 . 2009-09-04 02:37 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\dvdcss
2009-08-24 22:10 . 2009-08-31 04:30 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\Amazon
2009-08-22 05:35 . 2009-08-22 05:35 -------- d-----w- c:\program files\DVD Decrypter
2009-08-19 03:03 . 2009-08-19 03:03 -------- d-----w- c:\program files\Microsoft Reader
2009-08-19 03:03 . 2003-06-05 21:15 57436 ----a-w- c:\windows\DASShp.dll
2009-08-17 06:06 . 2009-09-08 16:35 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\vlc
2009-08-17 06:04 . 2009-08-17 06:04 -------- d-----w- c:\documents and settings\Owner-pc\Local Settings\Application Data\Graboid_Inc
2009-08-17 06:03 . 2009-08-17 06:04 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\MozillaControl
2009-08-17 06:03 . 2009-08-17 06:06 -------- d-----w- c:\documents and settings\Owner-pc\Local Settings\Application Data\Graboid
2009-08-17 06:03 . 2009-08-17 06:03 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-08-17 06:00 . 2009-08-17 06:12 -------- d-----w- c:\program files\Graboid
2009-08-15 23:32 . 2002-07-17 13:03 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-08-15 23:32 . 2002-07-17 12:05 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-08-15 23:12 . 2009-08-15 23:12 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 22:26 . 2009-02-25 06:05 -------- d-----w- c:\program files\DNA
2009-09-10 22:26 . 2009-02-25 06:05 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\DNA
2009-09-08 23:06 . 2009-05-03 17:44 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\Malwarebytes
2009-09-08 21:10 . 2009-02-01 06:35 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 20:37 . 2009-06-28 20:51 -------- d-----w- c:\program files\Bonjour
2009-09-07 16:00 . 2009-01-26 21:03 76536 ----a-w- c:\documents and settings\Owner-pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 15:43 . 2009-07-01 03:16 -------- d-----w- c:\program files\Wallpaper Master
2009-09-07 15:40 . 2009-01-26 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-05 19:04 . 2009-01-26 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-09-05 17:38 . 2009-04-18 22:03 -------- d-----w- c:\program files\DebugMode
2009-09-05 04:25 . 2009-07-31 16:15 -------- d-----w- c:\program files\Gridy
2009-09-05 04:25 . 2009-07-06 20:07 -------- d-----w- c:\program files\Jezzball
2009-09-05 04:25 . 2009-06-12 00:08 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\DVD Flick
2009-09-05 04:25 . 2009-02-14 23:23 -------- d-----w- c:\program files\Mozilla Sunbird
2009-09-04 11:27 . 2009-04-09 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-04 03:45 . 2009-04-23 16:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-04 02:49 . 2009-01-26 15:55 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-04 01:11 . 2009-07-29 01:55 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\.purple
2009-09-03 06:17 . 2009-07-24 16:57 -------- d-----w- c:\program files\iTunes
2009-09-03 06:17 . 2009-02-03 15:49 -------- d-----w- c:\program files\Common Files\Apple
2009-09-02 15:17 . 2009-02-03 15:51 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\Apple Computer
2009-08-31 04:37 . 2009-07-31 23:18 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\Vso
2009-08-31 04:37 . 2009-07-31 23:18 81920 ----a-w- c:\documents and settings\Owner-pc\Application Data\ezpinst.exe
2009-08-31 04:37 . 2009-07-31 23:18 47360 ----a-w- c:\documents and settings\Owner-pc\Application Data\pcouffin.sys
2009-08-24 04:04 . 2009-05-19 19:05 -------- d-----w- c:\program files\MozyHome
2009-08-24 03:31 . 2008-06-20 11:59 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-08-24 03:30 . 2009-08-24 03:30 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-08-19 03:03 . 2009-01-26 21:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-10 03:14 . 2009-03-05 03:43 -------- d-----w- c:\program files\DivX
2009-08-10 03:14 . 2009-06-04 04:06 -------- d-----w- c:\program files\Flock
2009-08-10 03:14 . 2009-08-10 03:14 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:34 . 2009-02-03 16:57 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\Move Networks
2009-08-04 17:30 . 2009-08-04 03:11 -------- d-----w- c:\program files\ABF software
2009-07-31 23:18 . 2009-07-31 23:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-30 16:05 . 2009-07-29 01:57 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\gtk-2.0
2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 01:56 . 2009-07-29 01:54 -------- d-----w- c:\program files\Aspell
2009-07-29 01:53 . 2009-07-29 01:53 -------- d-----w- c:\program files\Common Files\GTK
2009-07-25 18:13 . 2009-07-25 18:13 -------- d-----w- c:\program files\Convert AVI to MP4
2009-07-25 18:08 . 2009-07-25 18:08 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\Xilisoft Corporation
2009-07-25 18:07 . 2009-07-25 18:07 -------- d-----w- c:\program files\Xilisoft
2009-07-25 17:47 . 2009-07-25 17:46 -------- d-----w- c:\program files\NCH Software
2009-07-21 04:29 . 2009-07-21 04:29 -------- d-----w- c:\program files\VideoLAN
2009-07-21 04:26 . 2009-05-27 21:50 -------- d-----w- c:\documents and settings\Owner-pc\Application Data\Media Player Classic
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2006-10-18 20:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-07 04:10 . 2009-07-06 20:08 445 ----a-w- c:\windows\EntPack.dat
2009-06-29 16:23 . 2008-04-23 03:35 828928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2007-01-08 18:01 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-24 19:03 . 2009-05-19 19:05 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
.

------- Sigcheck -------


[-] 2009-08-24 . 31469362CD0DF7DAF40798265E906DA2 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-08-24 . 31469362CD0DF7DAF40798265E906DA2 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-25 321344]
"DeskDriveStartup"="c:\program files\Blue Onion Software\Desk Drive\DeskDrive.exe" [2009-03-31 65024]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-04 198160]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

c:\documents and settings\Owner-pc\Start Menu\Programs\Startup\
Gridy.lnk - c:\program files\Gridy\Gridy.exe [2009-7-31 211272]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-24 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2009-1-31 286720]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-6-24 2876216]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [9/5/2009 1:57 PM 103288]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [5/19/2009 3:05 PM 54776]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);"c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe" --> c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [?]
S2 SPIDER;SpIDer Guard File System Monitor;\??\c:\progra~1\DrWeb\spider.sys --> c:\progra~1\DrWeb\spider.sys [?]
S2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe --> c:\progra~1\DrWeb\spidernt.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [8/15/2009 7:32 PM 16512]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Owner-pc\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Owner-pc\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [9/6/2009 2:33 AM 34760]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [9/7/2009 11:39 AM 24416]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\DrWeb\drwebsp.dll
FF - ProfilePath - c:\documents and settings\Owner-pc\Application Data\Mozilla\Firefox\Profiles\kwchyh0l.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\documents and settings\Owner-pc\Application Data\Mozilla\Firefox\Profiles\kwchyh0l.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SpIDerAgent - c:\program files\DrWeb\SpIDerAgent.exe
HKLM-Run-SpIDerMail - c:\program files\DrWeb\spiderml.exe
HKLM-Run-SpIDerNT - c:\progra~1\DrWeb\spiderui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 18:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(936)
c:\program files\DrWeb\drwebsp.dll

- - - - - - - > 'explorer.exe'(1436)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-10 18:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 22:31

Pre-Run: 62,327,488,512 bytes free
Post-Run: 62,339,067,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

344 --- E O F --- 2009-09-10 19:45

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:00 AM

Posted 10 September 2009 - 11:44 PM

I remembered that my downloader had saved Win32kDiag to a different folder


That's the reason the fix failed.. I specifically asked Win32kDiag to save directly to Desktop.. Please save Win32kDiag directly to Desktop and repeat below step once again..

Go to Start >> Run >> copy/paste below >> Enter. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 soniashannon

soniashannon
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:00 PM

Posted 11 September 2009 - 06:59 AM

Ok, I didn't see where you told me to download it. Sorry 'bout that =\
Anyway, thanks for clarifying, and here's the log:



Log file is located at: C:\Documents and Settings\Owner-pc\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB956572\KB956572

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB956572\KB956572

Found mount point : C:\WINDOWS\$hf_mig$\KB956803\KB956803

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB956803\KB956803

Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Found mount point : C:\WINDOWS\$hf_mig$\KB957097\KB957097

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB957097\KB957097

Found mount point : C:\WINDOWS\$hf_mig$\KB961501\KB961501

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB961501\KB961501

Found mount point : C:\WINDOWS\$hf_mig$\KB967715\KB967715

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB967715\KB967715

Found mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB968537\KB968537

Found mount point : C:\WINDOWS\$hf_mig$\KB971633\KB971633

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971633\KB971633

Found mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971657\KB971657

Found mount point : C:\WINDOWS\$hf_mig$\KB971961\KB971961

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971961\KB971961

Found mount point : C:\WINDOWS\$hf_mig$\KB972260-IE8\KB972260-IE8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB972260-IE8\KB972260-IE8

Found mount point : C:\WINDOWS\$hf_mig$\KB973874-IE8\KB973874-IE8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB973874-IE8\KB973874-IE8

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP133.tmp\ZAP133.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP133.tmp\ZAP133.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15E.tmp\ZAP15E.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15E.tmp\ZAP15E.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP202.tmp\ZAP202.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP202.tmp\ZAP202.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DC.tmp\ZAP2DC.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DC.tmp\ZAP2DC.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4B.tmp\ZAP4B.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4B.tmp\ZAP4B.tmp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Minidump\Minidump

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\pchealth\ERRORREP\ERRORREP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\ERRORREP

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\Logs\Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Logs\Logs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\repair\Backup\BootableSystemState\BootableSystemState

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\repair\Backup\BootableSystemState\BootableSystemState

Found mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\repair\Backup\ServiceState\ServiceState

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 09:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\0f4651f0d7e6cb55f0a983df3c4744d0\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\122ece420ea2cadf18cdf04c90b6d8f1\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\12e31c1143e5f70785d44c867e7b3e13\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\491a2c8e1582f5cdd01f8b3da4b8ef7d\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\SoftwareDistribution\Download\66004d0acd607f44c08ee787c065c450\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe ()

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a3070aa22efa6c72b3f657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\963193362d99ddbedffb21408a40248b\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\aa0fb978e2349db3550eea285e93f7f0\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\ab02de9444a68e46b9d94dbc7903bc14\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d492dac6f594bf63184cb839b64eb87d\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d74289c815a4c14cbe709a0654bda77e\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\d78980f289ff5cbd790156e5d1e92d28\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fa2ebe7f385da369070f93700f340c57\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\update\update.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 09:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\0f4651f0d7e6cb55f0a983df3c4744d0\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\122ece420ea2cadf18cdf04c90b6d8f1\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\12e31c1143e5f70785d44c867e7b3e13\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\491a2c8e1582f5cdd01f8b3da4b8ef7d\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\SoftwareDistribution\Download\66004d0acd607f44c08ee787c065c450\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a3070aa22efa6c72b3f657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\963193362d99ddbedffb21408a40248b\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\aa0fb978e2349db3550eea285e93f7f0\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\ab02de9444a68e46b9d94dbc7903bc14\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d492dac6f594bf63184cb839b64eb87d\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d74289c815a4c14cbe709a0654bda77e\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\d78980f289ff5cbd790156e5d1e92d28\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fa2ebe7f385da369070f93700f340c57\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\update\update.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 09:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\0f4651f0d7e6cb55f0a983df3c4744d0\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\122ece420ea2cadf18cdf04c90b6d8f1\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\12e31c1143e5f70785d44c867e7b3e13\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\3361704fe1a0367fcfe17758efab6972\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\37ea7d9587e54acc7afa27dc26096f4f\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\491a2c8e1582f5cdd01f8b3da4b8ef7d\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\SoftwareDistribution\Download\66004d0acd607f44c08ee787c065c450\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8a43415b80a3070aa22efa6c72b3f657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\963193362d99ddbedffb21408a40248b\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\97f18c7ac91916468f96bb79c87bff6c\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\a94a6432dbac6901fc5bf15157f718f8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\aa0fb978e2349db3550eea285e93f7f0\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\ab02de9444a68e46b9d94dbc7903bc14\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\b86b6a4fb33f1418ba334c3807fa2a23\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d194d4b245b41b1828615f889a43f7e0\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\d492dac6f594bf63184cb839b64eb87d\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\d74289c815a4c14cbe709a0654bda77e\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\d78980f289ff5cbd790156e5d1e92d28\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\dd6c2e7701be1a2e63281605463e5e51\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\SoftwareDistribution\Download\f6ae6c01481096f08117233982ca37f9\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\fa2ebe7f385da369070f93700f340c57\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\fae8bc4d2da2adc1b9109ef4e6cecd1f\update\update.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Adobe\update\update

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{BCA09563-C703-4394-AD3A-AACACC74E314}\{BCA09563-C703-4394-AD3A-AACACC74E314}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{BCA09563-C703-4394-AD3A-AACACC74E314}\{BCA09563-C703-4394-AD3A-AACACC74E314}

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3519928212-3014706299-3887354751-1003\S-1-5-21-3519928212-3014706299-3887354751-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3519928212-3014706299-3887354751-1003\S-1-5-21-3519928212-3014706299-3887354751-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-448539723-606747145-1801674531-1003\S-1-5-21-448539723-606747145-1801674531-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-448539723-606747145-1801674531-1003\S-1-5-21-448539723-606747145-1801674531-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3519928212-3014706299-3887354751-1003\S-1-5-21-3519928212-3014706299-3887354751-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3519928212-3014706299-3887354751-1003\S-1-5-21-3519928212-3014706299-3887354751-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-448539723-606747145-1801674531-1003\S-1-5-21-448539723-606747145-1801674531-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-448539723-606747145-1801674531-1003\S-1-5-21-448539723-606747145-1801674531-1003

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\12.0\12.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\12.0\12.0

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Portable Devices\Portable Devices

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Portable Devices\Portable Devices

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft Help\Microsoft Help

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft Help\Microsoft Help

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\System Tools\System Tools

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\System Tools\System Tools

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Cannot access: C:\WINDOWS\system32\dumprep.exe

Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

[1] 2008-04-14 08:00:00 10752 C:\WINDOWS\system32\dllcache\dumprep.exe (Microsoft Corporation)

[1] 2008-04-14 08:00:00 10752 C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Found mount point : C:\WINDOWS\system32\GroupPolicy\ADM\ADM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\GroupPolicy\ADM\ADM

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Found mount point : C:\WINDOWS\system32\Lang\Lang

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Lang\Lang

Found mount point : C:\WINDOWS\system32\LogFiles\LogFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\LogFiles\LogFiles

Found mount point : C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust\FlashPlayerTrust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust\FlashPlayerTrust

Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Cannot access: C:\WINDOWS\system32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe

[1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Found mount point : C:\WINDOWS\system32\quicktime\quicktime

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\quicktime\quicktime

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\temp\temp

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\system32\spool\XPSEP\amd64\amd64

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\XPSEP\amd64\amd64

Found mount point : C:\WINDOWS\system32\Stack\images\images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Stack\images\images

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Found mount point : C:\WINDOWS\system32\x64\x64

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\x64\x64

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2



Finished!

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:00 AM

Posted 11 September 2009 - 07:19 AM

That's nice :( Now run Win32kDiag once again (just double-click it) and then post the log here :(

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 soniashannon

soniashannon
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:00 PM

Posted 11 September 2009 - 10:12 AM

Here's what I got this time:

Log file is located at: C:\Documents and Settings\Owner-pc\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:00 AM

Posted 11 September 2009 - 10:36 AM

Go HERE and download Dr.Web CureIt to the Desktop. It will be download as random filename.
  • Run Dr.Web CureIt (random filename) and let it run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (Open it as Notepad)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 soniashannon

soniashannon
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:00 PM

Posted 11 September 2009 - 02:57 PM

Here's that one:

Combo-Fix.exe\32788R22FWJFW\c.bat;C:\Documents and Settings\Owner-pc\Desktop\Combo-Fix.exe;Probably BATCH.Virus;;
Combo-Fix.exe;C:\Documents and Settings\Owner-pc\Desktop;Archive contains infected objects;Moved.;
CF975BBDd01;C:\mary shannon\Owner-pc\Local Settings\Application Data\Mozilla\Firefox\Profiles\uw4iu3ou.default\Cache(2);Probably SCRIPT.Virus;Incurable.Moved.;
Process.exe;C:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Program Files\Mozilla Firefox\SmitfraudFix;Tool.ShutDown.14;Incurable.Moved.;
net.net.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Click.25308;Deleted.;
Process.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
UACroemiwgosr.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.433;Deleted.;
A0052450.exe\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{095CA138-0324-44D6-A381-8E0869A32946}\RP179\A0052450.exe;Probably BATCH.Virus;;
A0052450.exe;C:\System Volume Information\_restore{095CA138-0324-44D6-A381-8E0869A32946}\RP179;Archive contains infected objects;Moved.;
SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\WINDOWS\system32\SmitfraudFix.exe;Tool.Prockill;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\WINDOWS\system32\SmitfraudFix.exe;Tool.ShutDown.14;;
SmitfraudFix.exe;C:\WINDOWS\system32;Archive contains infected objects;Moved.;

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:00 AM

Posted 11 September 2009 - 03:08 PM

Looks good to me.. Lets do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles write by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read these great info's about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :(



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 soniashannon

soniashannon
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:00 PM

Posted 11 September 2009 - 03:17 PM

It seems to be doing alright. The redirects are dead and gone, no problem running the programs you told me to, everything seems back to normal, so thanks a bazillion^10.

I just have one more question. When the strange behavior started, my external HD was connected, and I wonder, could it be infected/harboring any nasties? If so, what course of action would you recommend? If I should ask about this elsewhere, just point the way, and feel free to close the thread.

Thanks so, so, so much again. You saved me from a great big pain in the butt having to reformat. =D

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:00 AM

Posted 11 September 2009 - 03:30 PM

I just have one more question. When the strange behavior started, my external HD was connected, and I wonder, could it be infected/harboring any nasties? If so, what course of action would you recommend?


Simply do a fullscan for the external HD with your antivirus..

Anymore questions? :(

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 soniashannon

soniashannon
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:00 PM

Posted 11 September 2009 - 06:17 PM

Nope, I'm :( Thanks for everything! You rule.

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:00 AM

Posted 11 September 2009 - 10:01 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-open, please pm me or Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users