Anti-virus and malware removal tools disabled


  • This topic is locked
55 replies to this topic

#1 vjc


Posted 15 September 2009 - 08:45 PM

My computer experienced Police Pro and/or Antivirus 2010 which disabled AVG 8.5 along with Malwarebytes, Norman Malware remover, spy doctor and Hijack This ... I have manually removed all registry items and files that I could locate and the computer does not show any sign of the virus while in safe mode, however it still will not run AVG scans or any other malware removal tools, so my assumption is that there is something still running that I am not seeing.

I tried to run RootRepeal, but it crashes if I request Files to be scanned. I then ran Win32kDiag and it appears to have run; below is the log. Any help in getting AVG and a malware removal tool running would be greatly appreciated!!!!!



[1] 2005-02-24 23:35:05 718048 C:\WINNT\$hf_mig$\KB896688\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINNT\$hf_mig$\KB896727\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINNT\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINNT\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINNT\$hf_mig$\KB899588\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINNT\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINNT\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINNT\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINNT\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINNT\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINNT\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINNT\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINNT\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB905915\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINNT\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINNT\$hf_mig$\KB912812\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINNT\$hf_mig$\KB913446\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB916281\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINNT\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINNT\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB918899\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINNT\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINNT\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINNT\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINNT\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB922760\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINNT\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINNT\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINNT\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINNT\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB924496\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINNT\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:16:51 716000 C:\WINNT\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB928090\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB929338\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB929969\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:21 716000 C:\WINNT\$hf_mig$\KB931768\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB932168\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB933566\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINNT\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB937143\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINNT\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 15:29:19 716000 C:\WINNT\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB939653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB942615\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINNT\$hf_mig$\KB943460\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB944338\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINNT\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:20:44 755576 C:\WINNT\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB947864\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:56 716000 C:\WINNT\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB950759\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINNT\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 11:25:31 755576 C:\WINNT\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINNT\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINNT\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINNT\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINNT\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINNT\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINNT\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINNT\$hf_mig$\KB953838\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINNT\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINNT\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINNT\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINNT\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINNT\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINNT\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINNT\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINNT\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINNT\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINNT\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINNT\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINNT\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINNT\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINNT\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINNT\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 13:18:04 755576 C:\WINNT\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINNT\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINNT\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINNT\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINNT\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINNT\$hf_mig$\KB963027\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINNT\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINNT\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINNT\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINNT\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 03:38:29 755576 C:\WINNT\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINNT\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINNT\$hf_mig$\KB972260\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINNT\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINNT\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINNT\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINNT\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINNT\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINNT\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINNT\$hf_mig$\KB973874-IE8\update\update.exe (Microsoft Corporation)

[2] 2002-08-29 03:37:20 77824 C:\WINNT\ServicePackFiles\i386\auupdate.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINNT\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\SoftwareDistribution\Download\0f1f7f5eb2a06ca8f9c064b451608f13\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:22 755576 C:\WINNT\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINNT\SoftwareDistribution\Download\12e31c1143e5f70785d44c867e7b3e13\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\update\update.exe (Microsoft Corporation)

[1] 2006-04-10 12:36:18 710584 C:\WINNT\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINNT\SoftwareDistribution\Download\73a765a7ebf2e1b5a6655f2bb798b30f\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 07:40:52 755576 C:\WINNT\SoftwareDistribution\Download\8aff2c132bea63255d1cab83ef37c507\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINNT\SoftwareDistribution\Download\a09e36da4791f68199043c4317df08f9\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 08:39:18 755576 C:\WINNT\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 21:22:59 716000 C:\WINNT\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINNT\SoftwareDistribution\Download\b74f57061a295f3d8e7e9f0cf93a4198\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 09:02:04 755576 C:\WINNT\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

[1] 2008-07-08 09:02:04 755576 C:\WINNT\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe ()



Found mount point : C:\WINNT\SoftwareDistribution\Download\feba56dcf41a925dcdd58101f4bd971d\feba56dcf41a925dcdd58101f4bd971d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\5a0d771158cfd69be5ddd26d8f58c73b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\SoftwareDistribution\Download\S-1-5-18\bd0c48d4592ffe3631c19bd04a50ac18\bd0c48d4592ffe3631c19bd04a50ac18

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TempDir\TempDir

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\Color\Color

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Collab\Collab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Preferences\Preferences

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\EDKDV5L3\EDKDV5L3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Identities\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Identities\{9047900B-ED2B-4514-BABF-526A239E5149}\{9047900B-ED2B-4514-BABF-526A239E5149}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\InterTrust\ReceiptRepository\ReceiptRepository

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\InterVideo\WinDVD\4.0\Bookmark\Bookmark

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\C8RCR2AX\C8RCR2AX

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\My Documents\My eBooks\My eBooks

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINNT\system32\eventlog.dll

[1] 2004-08-04 03:56:42 55808 C:\WINNT\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINNT\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 61952 C:\WINNT\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINNT\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINNT\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\LogFiles\LogFiles

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINNT\system32\MRT.exe

[1] 2009-08-28 17:38:20 24689600 C:\WINNT\system32\MRT.exe ()



Found mount point : C:\WINNT\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\Temp\Owner\Owner

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!



#2 SifuMike


Posted 19 September 2009 - 02:48 PM

Hello vjc,


Please refrain from making any changes to your system (updating, installing, removing, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.


Please save this file to your desktop.
Click on Start->Run, and copy-paste the following command (the bolded text)

"%userprofile%\desktop\win32kdiag.exe" -f -r

into the "Open" box, and click OK.
When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with notepad and post the contents here.

Edited by SifuMike, 19 September 2009 - 02:52 PM.


#3 vjc


Posted 19 September 2009 - 03:48 PM

Thank you very much for the response. I read this forum from an uninfected computer. The computer that is infected has been disconnected from my network and is not touched right now except when I receive instructions from this forum, so nothing will be modified while you are working the issue. I booted the infected computer into normal mode and followed your instructions, but the logfile ended up with basically nothing in it. I rebooted into safe mode and below is the log requested:

Running from: C:\Documents and Settings\Owner\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINNT'...


Found mount point : C:\WINNT\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\$hf_mig$\KB925454\KB925454

Found mount point : C:\WINNT\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\$hf_mig$\KB944533\KB944533

Found mount point : C:\WINNT\$hf_mig$\KB956390\KB956390

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\$hf_mig$\KB956390\KB956390

Found mount point : C:\WINNT\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\$hf_mig$\KB956844\KB956844

Found mount point : C:\WINNT\$hf_mig$\KB968389\KB968389

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\$hf_mig$\KB968389\KB968389

Found mount point : C:\WINNT\$hf_mig$\KB969897\KB969897

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\$hf_mig$\KB969897\KB969897

Found mount point : C:\WINNT\$hf_mig$\KB971961-IE8\KB971961-IE8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\$hf_mig$\KB971961-IE8\KB971961-IE8

Found mount point : C:\WINNT\A5W_DATA\A5W_DATA

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\A5W_DATA\A5W_DATA

Found mount point : C:\WINNT\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\addins\addins

Found mount point : C:\WINNT\assembly\GAC_32\GAC_32

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\assembly\GAC_32\GAC_32

Found mount point : C:\WINNT\assembly\GAC_MSIL\GAC_MSIL

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\assembly\GAC_MSIL\GAC_MSIL

Found mount point : C:\WINNT\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Found mount point : C:\WINNT\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\assembly\temp\temp

Found mount point : C:\WINNT\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\assembly\tmp\tmp

Found mount point : C:\WINNT\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Config\Config

Found mount point : C:\WINNT\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Connection Wizard\Connection Wizard

Found mount point : C:\WINNT\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Debug\UserMode\UserMode

Found mount point : C:\WINNT\Downloaded Program Files\CONFLICT.1\CONFLICT.1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Downloaded Program Files\CONFLICT.1\CONFLICT.1

Found mount point : C:\WINNT\Drivers\Intel\Intel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Drivers\Intel\Intel

Found mount point : C:\WINNT\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\ftpcache\ftpcache

Found mount point : C:\WINNT\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Help\SBSI\Training\WXPPer\Cbz\Cbz

Found mount point : C:\WINNT\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Help\SBSI\Training\WXPPer\Lib\Lib

Found mount point : C:\WINNT\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Help\SBSI\Training\WXPPer\Wave\Wave

Found mount point : C:\WINNT\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\ime\chsime\applets\applets

Found mount point : C:\WINNT\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\ime\CHTIME\Applets\Applets

Found mount point : C:\WINNT\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\ime\imejp\applets\applets

Found mount point : C:\WINNT\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\ime\imejp98\imejp98

Found mount point : C:\WINNT\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\ime\imjp8_1\applets\applets

Found mount point : C:\WINNT\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\ime\imkr6_1\applets\applets

Found mount point : C:\WINNT\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINNT\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\ime\shared\res\res

Found mount point : C:\WINNT\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\java\trustlib\trustlib

Found mount point : C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINNT\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Minidump\Minidump

Found mount point : C:\WINNT\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\msapps\msinfo\msinfo

Found mount point : C:\WINNT\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\mui\mui

Found mount point : C:\WINNT\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINNT\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINNT\PCHEALTH\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\PCHEALTH\ERRORREP\UserDumps\UserDumps

Found mount point : C:\WINNT\PCHEALTH\HELPCTR\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\PCHEALTH\HELPCTR\BATCH\BATCH

Found mount point : C:\WINNT\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Found mount point : C:\WINNT\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Found mount point : C:\WINNT\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINNT\PCHEALTH\HELPCTR\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\PCHEALTH\HELPCTR\System\DFS\DFS

Found mount point : C:\WINNT\PCHEALTH\HELPCTR\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\PCHEALTH\HELPCTR\Temp\Temp

Found mount point : C:\WINNT\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\PIF\PIF

Found mount point : C:\WINNT\Profiles\All Users\Adobe\Webbuy\Webbuy

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Profiles\All Users\Adobe\Webbuy\Webbuy

Found mount point : C:\WINNT\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Registration\CRMLog\CRMLog

Found mount point : C:\WINNT\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\security\logs\logs

Found mount point : C:\WINNT\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\AuthCabs\AuthCabs

Found mount point : C:\WINNT\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Found mount point : C:\WINNT\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Found mount point : C:\WINNT\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\backup\backup

Found mount point : C:\WINNT\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\backup\backup

Found mount point : C:\WINNT\SoftwareDistribution\Download\4ee3fbebbfecab84fe3a0e44ae24966f\update\update

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\4ee3fbebbfecab84fe3a0e44ae24966f\update\update

Found mount point : C:\WINNT\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update

Found mount point : C:\WINNT\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Found mount point : C:\WINNT\SoftwareDistribution\Download\73a765a7ebf2e1b5a6655f2bb798b30f\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\73a765a7ebf2e1b5a6655f2bb798b30f\backup\backup

Found mount point : C:\WINNT\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\backup\backup

Found mount point : C:\WINNT\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\backup\backup

Found mount point : C:\WINNT\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Found mount point : C:\WINNT\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Found mount point : C:\WINNT\SoftwareDistribution\Download\feba56dcf41a925dcdd58101f4bd971d\feba56dcf41a925dcdd58101f4bd971d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\feba56dcf41a925dcdd58101f4bd971d\feba56dcf41a925dcdd58101f4bd971d

Found mount point : C:\WINNT\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\5a0d771158cfd69be5ddd26d8f58c73b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\5a0d771158cfd69be5ddd26d8f58c73b

Found mount point : C:\WINNT\SoftwareDistribution\Download\S-1-5-18\bd0c48d4592ffe3631c19bd04a50ac18\bd0c48d4592ffe3631c19bd04a50ac18

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\Download\S-1-5-18\bd0c48d4592ffe3631c19bd04a50ac18\bd0c48d4592ffe3631c19bd04a50ac18

Found mount point : C:\WINNT\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\SoftwareDistribution\SelfUpdate\Registered\Registered

Found mount point : C:\WINNT\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Sun\Java\Deployment\Deployment

Found mount point : C:\WINNT\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\1025\1025

Found mount point : C:\WINNT\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\1028\1028

Found mount point : C:\WINNT\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\1031\1031

Found mount point : C:\WINNT\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\1037\1037

Found mount point : C:\WINNT\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\1041\1041

Found mount point : C:\WINNT\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\1042\1042

Found mount point : C:\WINNT\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\1054\1054

Found mount point : C:\WINNT\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\2052\2052

Found mount point : C:\WINNT\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\3076\3076

Found mount point : C:\WINNT\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\3com_dmi\3com_dmi

Found mount point : C:\WINNT\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TempDir\TempDir

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TempDir\TempDir

Found mount point : C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir

Found mount point : C:\WINNT\system32\Color\Color

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\Color\Color

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Collab\Collab

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Collab\Collab

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Preferences\Preferences

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Preferences\Preferences

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\EDKDV5L3\EDKDV5L3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\EDKDV5L3\EDKDV5L3

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Identities\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\Identities\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}\{4C42D5BE-4C27-440A-B06D-CCDCA42C8976}

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Identities\{9047900B-ED2B-4514-BABF-526A239E5149}\{9047900B-ED2B-4514-BABF-526A239E5149}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\Identities\{9047900B-ED2B-4514-BABF-526A239E5149}\{9047900B-ED2B-4514-BABF-526A239E5149}

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\InterTrust\ReceiptRepository\ReceiptRepository

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\InterTrust\ReceiptRepository\ReceiptRepository

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\InterVideo\WinDVD\4.0\Bookmark\Bookmark

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\InterVideo\WinDVD\4.0\Bookmark\Bookmark

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\C8RCR2AX\C8RCR2AX

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\C8RCR2AX\C8RCR2AX

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINNT\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINNT\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINNT\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\Local Settings\Temp\Temp

Found mount point : C:\WINNT\system32\config\systemprofile\My Documents\My eBooks\My eBooks

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\My Documents\My eBooks\My eBooks

Found mount point : C:\WINNT\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINNT\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINNT\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\dhcp\dhcp

Found mount point : C:\WINNT\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\drivers\disdn\disdn

Cannot access: C:\WINNT\system32\eventlog.dll

Attempting to restore permissions of : C:\WINNT\system32\eventlog.dll

[1] 2004-08-04 03:56:42 55808 C:\WINNT\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINNT\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 61952 C:\WINNT\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINNT\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINNT\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\export\export

Found mount point : C:\WINNT\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINNT\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINNT\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINNT\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\inetsrv\inetsrv

Found mount point : C:\WINNT\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\mui\dispspec\dispspec

Found mount point : C:\WINNT\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINNT\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\oobe\sample\sample

Found mount point : C:\WINNT\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\ShellExt\ShellExt

Found mount point : C:\WINNT\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\wbem\mof\bad\bad

Found mount point : C:\WINNT\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\wbem\snmp\snmp

Found mount point : C:\WINNT\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\wins\wins

Found mount point : C:\WINNT\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\system32\xircom\xircom

Found mount point : C:\WINNT\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Temp\Google Toolbar\Google Toolbar

Found mount point : C:\WINNT\Temp\Owner\Owner

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\Temp\Owner\Owner

Found mount point : C:\WINNT\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINNT\WinSxS\InstallTemp\InstallTemp



Finished!
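
Added example (not part of the original thread, and not Win32kDiag's own code): a small Python parser for the log format in the post above. It counts mount-point destinations, lists mount points that have no matching "Removing" line, and flags a blocked file whose company field is empty or whose size differs from a same-named copy, as system32\eventlog.dll does in this log. The sample input is a constructed excerpt, and the two file checks are assumptions about what a reviewer would compare, not documented Win32kDiag behaviour.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt in the line format of the log
# posted above. The "Removing" line for the dhcp mount point is left out on
# purpose so the not-removed check has something to report.
SAMPLE_LOG = r"""
Searching 'C:\WINNT'...
Found mount point : C:\WINNT\addins\addins
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINNT\addins\addins
Found mount point : C:\WINNT\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINNT\system32\eventlog.dll
Attempting to restore permissions of : C:\WINNT\system32\eventlog.dll
[1] 2004-08-04 03:56:42 55808 C:\WINNT\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 56320 C:\WINNT\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 61952 C:\WINNT\system32\eventlog.dll ()
[2] 2008-04-13 20:11:53 56320 C:\WINNT\system32\logevent.dll (Microsoft Corporation)
Finished!
"""

FOUND = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST = re.compile(r"^Mount point destination\s*:\s*(.+)$")
REMOVED = re.compile(r"^Removing mount point\s*:\s*(.+)$")
BLOCKED = re.compile(r"^Cannot access:\s*(.+)$")
# "[n] date time size path (company)"; the company field may be empty: "()".
COPY = re.compile(
    r"^\[\d+\]\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(.+)\s+\(([^()]*)\)$"
)


def parse_win32kdiag(text):
    """Return (mounts, blocked) parsed from Win32kDiag-style log text."""
    mounts, blocked = {}, {}
    last_mount = current_file = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FOUND.match(line):
            last_mount, current_file = m.group(1), None
            mounts[last_mount] = {"dest": None, "removed": False}
        elif (m := DEST.match(line)) and last_mount:
            mounts[last_mount]["dest"] = m.group(1)
        elif m := REMOVED.match(line):
            entry = mounts.setdefault(m.group(1), {"dest": None, "removed": False})
            entry["removed"] = True
        elif m := BLOCKED.match(line):
            current_file = m.group(1)
            blocked[current_file] = []
        elif (m := COPY.match(line)) and current_file:
            mtime, size, path, vendor = m.groups()
            blocked[current_file].append(
                {"mtime": mtime, "size": int(size), "path": path, "vendor": vendor.strip()}
            )
    return mounts, blocked


def assess_blocked_file(path, copies):
    """Compare the live file with same-named copies listed under it in the log."""
    name = path.rsplit("\\", 1)[-1].lower()
    live = next((c for c in copies if c["path"].lower() == path.lower()), None)
    if live is None:
        return ["live file is not in the listing"]
    reasons = []
    if not live["vendor"]:
        reasons.append("company field is empty")
    # Reference copies: same file name elsewhere, with a company field set.
    refs = [c for c in copies
            if c is not live and c["vendor"] and c["path"].lower().endswith("\\" + name)]
    same_time = [c for c in refs if c["mtime"] == live["mtime"]]
    if same_time and all(c["size"] != live["size"] for c in same_time):
        reasons.append("size differs from a same-named copy with the same timestamp")
    return reasons


def summarize(text):
    """Condense a log into the three things a reviewer checks first."""
    mounts, blocked = parse_win32kdiag(text)
    suspects = {}
    for path, copies in blocked.items():
        reasons = assess_blocked_file(path, copies)
        if reasons:
            suspects[path] = reasons
    return {
        "destinations": Counter(m["dest"] for m in mounts.values()),
        "not_removed": sorted(p for p, m in mounts.items() if not m["removed"]),
        "suspect_files": suspects,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "->", value)
```
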

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 19 September 2009 - 05:53 PM

Hi vjc,

Log looks good. :) Let's do the next steps.

Please do this:
  • Click on the Start button, then click on Run...
  • In the empty "Open:" box provided, type cmd and press Enter. This will launch a Command Prompt window (looks like DOS).
  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).
    copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\ /y
  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
  • Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"
    NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (next step) won't work if the file copy was not successful.
  • Exit the Command Prompt window.



:( Warning to others reading this thread!: The Avenger is a VERY POWERFUL program, and can easily be misused.
Certain misuses of this program can prevent your system from ever starting again.
For this reason, it is strongly recommended to use The Avenger only as directed and under qualified supervision.
We can accept no responsibility for damage caused by misuse of the program.
:(
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to move:
    C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll
  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
==========
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 vjc

vjc
  • Topic Starter

  • Members
  • 32 posts

Posted 19 September 2009 - 08:00 PM

Mike

Ok, I followed your instructions. I had to change the WINDOWS directory to WINNT as my windows directory is winnt. I received the 1 file copied just fine. I ran avenger (again changed the windows directory in the script to winnt). It ran and asked for a reboot as you said it would. When I rebooted, I automatically went into safe mode and did not see a txt file nor was there one anywhere on my computer. It occurred to me that avenger may not have been able to run in safe mode, so I rebooted into normal mode and the txt file below opened up. Hopefully, I have done things correctly.


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\eventlog.dll|C:\WINNT\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Again - thank you so much for your help.

vjc


#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 19 September 2009 - 08:27 PM

Hi vjc,

You're very welcome.

Yes, you did it correctly. I forgot you had C:\WINNT as your root drive, and you saved me a step.


We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running.


To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Edited by SifuMike, 20 September 2009 - 11:38 AM.


#7 vjc

vjc
  • Topic Starter

  • Members
  • 32 posts

Posted 20 September 2009 - 09:05 AM

Mike,

I booted into normal Win XP mode, disabled AVG resident shield and put combofix on my desktop. Combofix does not run - I double click and nothing happens ... no windows open security window even comes up or the preparing to run window. My harddrive is running, but not sure what it is running - appear to be numerous processes in task manager that seem questionable, but nothing that I would tie to combofix.

In normal winxp mode, I still have some virus as it constantly tries to download Antivirus 2010 (no network connection so can't get to it). Since I cannot run any antivirus scans or malware scans, I have been unable to fully remove the infection. I assume that I cannot run combofix in safe mode since I could not run avenger in safe mode ...

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 20 September 2009 - 11:42 AM

Hi vjc,


Disable your antivirus before running ComboFix, as it will prevent ComboFix from working.


Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Edited by SifuMike, 20 September 2009 - 11:49 AM.


#9 vjc

vjc
  • Topic Starter

  • Members
  • 32 posts

Posted 20 September 2009 - 12:02 PM

Mike-

Still nothing - won't run in safe mode either. Tried starting it as a new task in task manager - nothing that way either. Deleted exe and put it back on desktop, still nothing ...

#10 SifuMike


Posted 20 September 2009 - 12:13 PM

Hi,

Please do the following.

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File"
    :filefind 
    eventlog.dll
  • Please Confirm everything is copied and Pasted as I have provided above
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.


#11 vjc


Posted 20 September 2009 - 12:18 PM

Followed your instructions in post #8 - again nothing. AVG is disabled. When I enter the command in the run box and hit ok (in normal mode again), the hard drive runs hard, but no windows related to combofix ever come up. In addition when I go into task manager, the only two processes getting CPU time besides system idle are a.exe and b.exe ... I have the feeling these processes should not be there. I am not sure what info is helpful to you, but trying to provide whatever I can to help diagnose the issue.

Tried in safe mode as well, combofix did not run. In safe mode, I do not have the a.exe and b.exe processes, but still would not run combofix.

#12 SifuMike


Posted 20 September 2009 - 12:29 PM

You forgot to post the SystemLook.txt

#13 vjc


Posted 20 September 2009 - 12:51 PM

I had replied at the same time as you so I had not seen the system look post yet. I downloaded system look and placed it on my desktop. Followed your instructions. The window opened up and the scan was occurring as expected, then the screen went completely blank - at first thought it just went to sleep, but then realized that there was nothing there. Computer still on, but nothing running, ctrl-alt-del gives nothing, mouse nothing - could not get anything. Waited about 5 minutes - still nothing, so forced reboot. Seemed to boot into normal mode without issue, however soon realized that I could not click on anything, mouse moved cursor, but no click function, tried using keypad to get to task manager - no keyboard functionality. There does appear to be a systemlook.txt file on the desktop, but cannot get to it. I then forced a reboot into safe mode and it seems to be functioning correctly in safe mode.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 13:22 on 20/09/2009 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "eventlog.dll"
C:\WINNT\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [12:19 23/02/2009] [07:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINNT\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [00:22 09/01/2003] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINNT\system32\dllcache\eventlog.dll --a--- 56320 bytes [00:22 09/01/2003] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINNT\system32\eventlog.dll --a--- 56320 bytes [00:22 09/01/2003] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

-=End Of File=-

Thanks!

vjc
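
The SystemLook log in the post above lists four copies of eventlog.dll with their sizes, timestamps and MD5 hashes. As an added example (not part of the thread and not SystemLook's own code), the Python below parses those lines and checks whether the live system32 copy matches the dllcache and ServicePackFiles copies; the field layout is inferred from the four lines shown and the function names are hypothetical.

```python
import re

# Log lines copied from the SystemLook output posted above.
SYSTEMLOOK_LOG = r"""
Searching for "eventlog.dll"
C:\WINNT\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [12:19 23/02/2009] [07:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINNT\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [00:22 09/01/2003] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINNT\system32\dllcache\eventlog.dll --a--- 56320 bytes [00:22 09/01/2003] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINNT\system32\eventlog.dll --a--- 56320 bytes [00:22 09/01/2003] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
-=End Of File=-
"""

# Assumed layout (inferred from the lines above, not a documented format):
# path, six attribute flags, size in bytes, two bracketed timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes "
    r"\[(?P<stamp1>[^\]]+)\] \[(?P<stamp2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(log):
    """Return one dict per file line; headers and footers are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries

def check_live_copy(entries, live_suffix="\\system32\\eventlog.dll",
                    reference_markers=("\\dllcache\\", "\\servicepackfiles\\")):
    """Compare the live file's MD5 and size with the cached reference copies."""
    live = [e for e in entries if e["path"].lower().endswith(live_suffix)]
    if len(live) != 1:
        raise ValueError("expected exactly one live copy, found %d" % len(live))
    live = live[0]
    refs = [e for e in entries
            if any(m in e["path"].lower() for m in reference_markers)]
    mismatched = [e["path"] for e in refs
                  if (e["md5"], e["size"]) != (live["md5"], live["size"])]
    return {"live": live["path"], "md5": live["md5"],
            "references_checked": len(refs), "mismatched": mismatched,
            "consistent": bool(refs) and not mismatched}

if __name__ == "__main__":
    print(check_live_copy(parse_filefind(SYSTEMLOOK_LOG)))
```

Agreement only shows that the live file has not been swapped for something different from the cached copies; it says nothing about copies replaced together or about files a rootkit hides from the scanning tool. The `$NtServicePackUninstall$` copy is left out of the comparison because it is the older file backed up when the service pack was installed.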

#14 SifuMike


Posted 20 September 2009 - 01:10 PM

Hi,

That file looks OK so time to use a different tool.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTS.exe to your Desktop and double-click on it to extract the files. It will create a program named OTS on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTS folder and double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the File age section click on 90 days.
  • Under Additional Scans click the EXTRAS button
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it.
  • Submit file sample
  • Open to the Submission Channel.
  • Under Link to topic where this file was requested, input:
    http://www.bleepingcomputer.com/forums/index.php?showtopic=257886&st=0&gopid=1431847&#entry1431847
  • Click Browse and select the OTS log
  • Under the comments section, say that SifuMike asked for the submission.
  • Then select Send File to send it
  • After that you should get a confirmation if it was uploaded successfully.
Let me know when you have uploaded the log.

Edited by SifuMike, 20 September 2009 - 01:14 PM.


#15 vjc


Posted 20 September 2009 - 01:28 PM

The cleaner and OTS.exe both ran fine in safe mode. Log file has been submitted as requested.



