Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis, MBAM, etc won't run -- log of win32kdiag


  • This topic is locked This topic is locked
11 replies to this topic

#1 Sei

Sei

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 23 September 2009 - 11:36 PM

So I just recently seem to have gotten this infection. First thing I did was turn off the internet on that computer. Attempted to run MBAM, but it shut down a few seconds into quick scan, similar results with other programs. On trying to run MBAM again, it says that the file cannot be accessed, rebooted into safemode, transfered MBAM installer on USB stick to install and tried to run again -- same result, blocked file afterwards.

So I read around the forums a bit and noticed quite a few similar problems. I found the win32kdiag program and thought it would be a good place to start since HJT won't run, so here's the log. Hope someone can help me with this! (I've pasted here as well as attached as a file)

***I installed ERUNT and backed up my registry to both my USB as well as the C:\WINDOWS folder ---AFTER--- this log was created***

Running from: N:\Win32kDiag.exe

Log file at : C:\Documents and Settings\Serie\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\$NtUninstallKB824141$\user32.dll

[1] 2005-03-02 12:09:30 577024 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll (Microsoft Corporation)

[1] 2005-03-02 12:19:56 577024 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll (Microsoft Corporation)

[1] 2007-03-08 09:48:36 578048 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll (Microsoft Corporation)

[1] 2007-03-08 09:36:28 577536 C:\WINDOWS\$NtServicePackUninstall$\user32.dll (Microsoft Corporation)

[1] 2002-11-01 15:26:46 528896 C:\WINDOWS\$NtUninstallKB824141$\user32.dll ()

[1] 2002-08-29 06:00:00 560128 C:\WINDOWS\$NtUninstallKB826939$\user32.dll ()

[1] 2004-08-04 01:56:46 577024 C:\WINDOWS\$NtUninstallKB890859$\user32.dll (Microsoft Corporation)

[1] 2002-11-01 16:26:46 528896 C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll (Microsoft Corporation)

[1] 2005-03-02 12:09:30 577024 C:\WINDOWS\$NtUninstallKB925902$\user32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 560128 C:\WINDOWS\$NtUninstallQ328310$\user32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:08 578560 C:\WINDOWS\ServicePackFiles\i386\user32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:08 578560 C:\WINDOWS\system32\dllcache\user32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:08 578560 C:\WINDOWS\system32\user32.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB824141$\win32k.sys

[1] 2005-03-01 19:06:57 1836288 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\win32k.sys (Microsoft Corporation)

[1] 2005-03-01 19:11:25 1836160 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2005-10-05 18:10:04 1839360 C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2007-03-08 07:49:49 1843968 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2008-03-19 03:40:27 1845888 C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2008-09-15 06:25:27 1846912 C:\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys (Microsoft Corporation)

[1] 2009-02-09 05:08:53 1847552 C:\WINDOWS\$hf_mig$\KB958690\SP3QFE\win32k.sys (Microsoft Corporation)

[1] 2009-04-17 04:50:18 1847808 C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys (Microsoft Corporation)

[1] 2008-03-19 03:47:00 1845248 C:\WINDOWS\$NtServicePackUninstall$\win32k.sys (Microsoft Corporation)

[1] 2002-10-23 08:55:02 1694336 C:\WINDOWS\$NtUninstallKB824141$\win32k.sys ()

[1] 2002-08-29 06:00:00 1813632 C:\WINDOWS\$NtUninstallKB826939$\win32k.sys ()

[1] 2004-08-04 00:17:40 1835904 C:\WINDOWS\$NtUninstallKB890859$\win32k.sys (Microsoft Corporation)

[1] 2002-10-23 09:55:02 1694336 C:\WINDOWS\$NtUninstallKB890859_0$\win32k.sys (Microsoft Corporation)

[1] 2005-03-01 19:06:57 1836288 C:\WINDOWS\$NtUninstallKB896424$\win32k.sys (Microsoft Corporation)

[1] 2005-10-05 18:05:59 1839488 C:\WINDOWS\$NtUninstallKB925902$\win32k.sys (Microsoft Corporation)

[1] 2007-03-08 07:47:48 1843584 C:\WINDOWS\$NtUninstallKB941693$\win32k.sys (Microsoft Corporation)

[1] 2008-04-13 13:30:10 1845632 C:\WINDOWS\$NtUninstallKB954211$\win32k.sys (Microsoft Corporation)

[1] 2008-09-15 06:12:56 1846400 C:\WINDOWS\$NtUninstallKB958690$\win32k.sys (Microsoft Corporation)

[1] 2009-02-09 05:13:27 1846784 C:\WINDOWS\$NtUninstallKB968537$\win32k.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 1813632 C:\WINDOWS\$NtUninstallQ328310$\win32k.sys (Microsoft Corporation)

[1] 2008-04-13 13:30:10 1845632 C:\WINDOWS\ServicePackFiles\i386\win32k.sys (Microsoft Corporation)

[1] 2009-04-17 06:26:40 1847168 C:\WINDOWS\system32\dllcache\win32k.sys (Microsoft Corporation)

[1] 2009-04-17 06:26:40 1847168 C:\WINDOWS\system32\win32k.sys (Microsoft Corporation)

[1] 2009-09-23 21:50:54 0 C:\WINDOWS\win32k.sys ()



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe

[1] 2004-08-04 01:56:47 183808 C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 179200 C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe ()

[1] 2002-08-29 06:00:00 179200 C:\WINDOWS\$NtUninstallQ810565$\accwiz.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:11 184320 C:\WINDOWS\ServicePackFiles\i386\accwiz.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:11 184320 C:\WINDOWS\system32\accwiz.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:11 184320 C:\WINDOWS\system32\dllcache\accwiz.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll

[1] 2004-08-04 01:56:41 597504 C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 557568 C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll ()

[1] 2002-08-29 06:00:00 557568 C:\WINDOWS\$NtUninstallQ329115$\crypt32.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 599040 C:\WINDOWS\ServicePackFiles\i386\crypt32.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 599040 C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 599040 C:\WINDOWS\system32\dllcache\crypt32.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll

[1] 2004-08-04 01:56:41 60416 C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 53248 C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll ()

[1] 2002-08-29 06:00:00 53248 C:\WINDOWS\$NtUninstallQ817287$\cryptsvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 62464 C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 62464 C:\WINDOWS\system32\cryptsvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 62464 C:\WINDOWS\system32\dllcache\cryptsvc.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\hh.exe

[1] 2005-05-26 17:26:50 10752 C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe (Microsoft Corporation)

[1] 2005-05-26 17:22:01 10752 C:\WINDOWS\$NtServicePackUninstall$\hh.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 10752 C:\WINDOWS\$NtUninstallKB826939$\hh.exe ()

[1] 2004-08-04 01:56:50 10752 C:\WINDOWS\$NtUninstallKB896358$\hh.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:21 10752 C:\WINDOWS\hh.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:21 10752 C:\WINDOWS\ServicePackFiles\i386\hh.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:21 10752 C:\WINDOWS\system32\dllcache\hh.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx

[1] 2004-11-30 23:19:54 539648 C:\WINDOWS\$hf_mig$\KB890175\SP2GDR\hhctrl.ocx ()

[1] 2004-12-02 12:35:33 539648 C:\WINDOWS\$hf_mig$\KB890175\SP2QFE\hhctrl.ocx ()

[1] 2005-05-26 20:08:59 546304 C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhctrl.ocx ()

[1] 2006-07-14 09:37:53 546304 C:\WINDOWS\$hf_mig$\KB922616\SP2QFE\hhctrl.ocx ()

[1] 2007-01-23 13:24:27 546304 C:\WINDOWS\$hf_mig$\KB928843\SP2QFE\hhctrl.ocx ()

[1] 2007-01-23 13:29:20 546304 C:\WINDOWS\$NtServicePackUninstall$\hhctrl.ocx ()

[1] 2002-08-29 06:00:00 511560 C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx ()

[1] 2004-08-03 23:22:58 526848 C:\WINDOWS\$NtUninstallKB890175$\hhctrl.ocx ()

[1] 2002-12-19 19:35:34 516192 C:\WINDOWS\$NtUninstallKB890175_0$\hhctrl.ocx ()

[1] 2004-11-30 23:19:54 539648 C:\WINDOWS\$NtUninstallKB896358$\hhctrl.ocx ()

[1] 2005-05-26 20:04:27 546304 C:\WINDOWS\$NtUninstallKB922616$\hhctrl.ocx ()

[1] 2006-07-14 09:25:57 546304 C:\WINDOWS\$NtUninstallKB928843$\hhctrl.ocx ()

[1] 2002-09-10 07:06:26 512624 C:\WINDOWS\$NtUninstallQ810565$\hhctrl.ocx ()

[1] 2008-04-13 18:09:36 545280 C:\WINDOWS\ServicePackFiles\i386\hhctrl.ocx ()

[1] 2008-04-13 18:09:36 545280 C:\WINDOWS\system32\dllcache\hhctrl.ocx ()

[2] 2002-08-29 06:00:00 87552 C:\WINDOWS\system32\dllcache\hhctrlui.dll (Microsoft Corporation)

[1] 2008-04-13 18:09:36 545280 C:\WINDOWS\system32\hhctrl.ocx ()

[2] 2002-08-29 06:00:00 87552 C:\WINDOWS\system32\mui\0009\hhctrlui.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll

[1] 2005-05-26 20:08:59 41472 C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhsetup.dll (Microsoft Corporation)

[1] 2005-05-26 20:04:27 41472 C:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 37888 C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll ()

[1] 2004-08-04 01:56:42 38912 C:\WINDOWS\$NtUninstallKB896358$\hhsetup.dll (Microsoft Corporation)

[1] 2002-09-23 13:13:50 37888 C:\WINDOWS\$NtUninstallQ810565$\hhsetup.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:54 41472 C:\WINDOWS\ServicePackFiles\i386\hhsetup.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:54 41472 C:\WINDOWS\system32\dllcache\hhsetup.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:54 41472 C:\WINDOWS\system32\hhsetup.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\html32.cnv

[1] 2002-08-29 06:00:00 401480 C:\WINDOWS\$NtUninstallKB823559$\html32.cnv ()

[1] 2002-08-29 06:00:00 401480 C:\WINDOWS\$NtUninstallKB826939$\html32.cnv ()

[1] 2003-06-27 12:38:50 311864 C:\WINDOWS\ServicePackFiles\i386\html32.cnv ()



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\locator.exe

[1] 2004-08-04 01:56:50 75264 C:\WINDOWS\$NtServicePackUninstall$\locator.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 68096 C:\WINDOWS\$NtUninstallKB826939$\locator.exe ()

[1] 2002-08-29 06:00:00 68096 C:\WINDOWS\$NtUninstallQ810833$\locator.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:24 75264 C:\WINDOWS\ServicePackFiles\i386\locator.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:24 75264 C:\WINDOWS\system32\dllcache\locator.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:24 75264 C:\WINDOWS\system32\locator.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\magnify.exe

[1] 2004-08-04 01:56:50 72704 C:\WINDOWS\$NtServicePackUninstall$\magnify.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 67584 C:\WINDOWS\$NtUninstallKB826939$\magnify.exe ()

[1] 2002-08-29 06:00:00 67584 C:\WINDOWS\$NtUninstallQ810565$\magnify.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:24 72704 C:\WINDOWS\ServicePackFiles\i386\magnify.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:24 72704 C:\WINDOWS\system32\dllcache\magnify.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:24 72704 C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe

[1] 2005-04-27 18:12:57 245248 C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe (Microsoft Corporation)

[2] 2005-04-27 18:12:57 241152 C:\WINDOWS\$NtServicePackUninstall$\migwiza.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 230400 C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe ()

[1] 2004-08-04 01:56:51 240128 C:\WINDOWS\$NtUninstallKB896344$\migwiz.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 230400 C:\WINDOWS\$NtUninstallQ810565$\migwiz.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:25 245248 C:\WINDOWS\ServicePackFiles\i386\migwiz.exe (Microsoft Corporation)

[2] 2008-04-13 18:12:25 241152 C:\WINDOWS\ServicePackFiles\i386\migwiza.exe (Microsoft Corporation)

[2] 2004-08-04 01:56:51 236032 C:\WINDOWS\ServicePackFiles\i386\migwiz_a.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:25 245248 C:\WINDOWS\system32\dllcache\migwiz.exe (Microsoft Corporation)

[2] 2008-04-13 18:12:25 241152 C:\WINDOWS\system32\dllcache\migwiza.exe (Microsoft Corporation)

[2] 2004-08-04 01:56:51 236032 C:\WINDOWS\system32\dllcache\migwiz_a.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:25 245248 C:\WINDOWS\system32\usmt\migwiz.exe (Microsoft Corporation)

[2] 2008-04-13 18:12:25 241152 C:\WINDOWS\system32\usmt\migwiza.exe (Microsoft Corporation)

[2] 2004-08-04 01:56:51 236032 C:\WINDOWS\system32\usmt\migwiz_a.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys

[1] 2005-01-18 22:26:52 451584 C:\WINDOWS\$hf_mig$\KB885250\SP2GDR\mrxsmb.sys (Microsoft Corporation)

[1] 2005-01-18 21:51:57 451584 C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys (Microsoft Corporation)

[1] 2004-10-27 19:14:18 448128 C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\mrxsmb.sys (Microsoft Corporation)

[1] 2004-10-27 19:15:16 448128 C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys (Microsoft Corporation)

[1] 2006-05-05 04:16:39 454400 C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys (Microsoft Corporation)

[1] 2008-10-24 05:41:11 455936 C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys (Microsoft Corporation)

[1] 2006-05-05 03:41:45 453120 C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 407552 C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys ()

[1] 2004-08-04 00:15:16 451456 C:\WINDOWS\$NtUninstallKB885250$\mrxsmb.sys (Microsoft Corporation)

[1] 2004-10-12 10:22:52 436608 C:\WINDOWS\$NtUninstallKB885250_0$\mrxsmb.sys (Microsoft Corporation)

[1] 2002-11-18 12:27:40 392576 C:\WINDOWS\$NtUninstallKB885835_0$\mrxsmb.sys (Microsoft Corporation)

[1] 2005-01-18 22:26:52 451584 C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys (Microsoft Corporation)

[1] 2008-04-13 13:17:01 456576 C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 407552 C:\WINDOWS\$NtUninstallQ810577$\mrxsmb.sys (Microsoft Corporation)

[1] 2008-10-24 05:21:09 455296 C:\WINDOWS\Driver Cache\i386\mrxsmb.sys (Microsoft Corporation)

[1] 2008-04-13 13:17:01 456576 C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys (Microsoft Corporation)

[1] 2005-01-18 22:26:52 451584 C:\WINDOWS\SoftwareDistribution\Download\cadf7c8240793a561791dc3bd3e91a5e\sp2gdr\mrxsmb.sys (Microsoft Corporation)

[1] 2005-01-18 21:51:57 451584 C:\WINDOWS\SoftwareDistribution\Download\cadf7c8240793a561791dc3bd3e91a5e\sp2qfe\mrxsmb.sys (Microsoft Corporation)

[1] 2008-10-24 05:21:09 455296 C:\WINDOWS\system32\dllcache\mrxsmb.sys (Microsoft Corporation)

[1] 2008-10-24 05:21:09 455296 C:\WINDOWS\system32\drivers\mrxsmb.sys (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll

[1] 2002-08-29 06:00:00 143434 C:\WINDOWS\$NtUninstallKB823559$\msconv97.dll ()

[1] 2002-08-29 06:00:00 143434 C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll ()

[1] 2003-06-27 12:38:56 116288 C:\WINDOWS\ServicePackFiles\i386\msconv97.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\narrator.exe

[1] 2004-08-04 01:56:54 53760 C:\WINDOWS\$NtServicePackUninstall$\narrator.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 51200 C:\WINDOWS\$NtUninstallKB826939$\narrator.exe ()

[1] 2002-08-29 06:00:00 51200 C:\WINDOWS\$NtUninstallQ810565$\narrator.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:29 53760 C:\WINDOWS\ServicePackFiles\i386\narrator.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:29 53760 C:\WINDOWS\system32\dllcache\narrator.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:29 53760 C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\newdev.dll

[1] 2004-08-04 01:56:44 248832 C:\WINDOWS\$NtServicePackUninstall$\newdev.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 238080 C:\WINDOWS\$NtUninstallKB826939$\newdev.dll ()

[1] 2002-08-29 06:00:00 238080 C:\WINDOWS\$NtUninstallQ814033$\newdev.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 247808 C:\WINDOWS\ServicePackFiles\i386\newdev.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 247808 C:\WINDOWS\system32\dllcache\newdev.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 247808 C:\WINDOWS\system32\newdev.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll

[1] 2009-02-09 04:56:35 715264 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntdll.dll (Microsoft Corporation)

[1] 2004-08-04 01:56:36 708096 C:\WINDOWS\$NtServicePackUninstall$\ntdll.dll (Microsoft Corporation)

[1] 2002-08-29 13:00:00 668672 C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll ()

[1] 2008-04-13 18:11:24 706048 C:\WINDOWS\$NtUninstallKB956572$\ntdll.dll (Microsoft Corporation)

[1] 2002-08-29 13:00:00 668672 C:\WINDOWS\$NtUninstallQ815021$\ntdll.dll (Microsoft Corporation)

[1] 2002-08-29 13:00:00 668672 C:\WINDOWS\I386\NTDLL.DLL (Microsoft Corporation)

[1] 2002-08-29 13:00:00 668672 C:\WINDOWS\I386\SYSTEM32\NTDLL.DLL (Microsoft Corporation)

[1] 2008-04-13 18:11:24 706048 C:\WINDOWS\ServicePackFiles\i386\ntdll.dll (Microsoft Corporation)

[1] 2009-02-09 06:10:48 714752 C:\WINDOWS\system32\dllcache\ntdll.dll (Microsoft Corporation)

[1] 2009-02-09 06:10:48 714752 C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 668672 C:\i386\NTDLL.DLL (Microsoft Corporation)

[1] 2002-08-29 06:00:00 668672 C:\i386\SYSTEM32\NTDLL.DLL (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe

[1] 2005-03-01 18:34:40 2056832 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe (Microsoft Corporation)

[1] 2005-03-01 18:36:40 2056832 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe (Microsoft Corporation)

[1] 2006-12-19 10:12:16 2059392 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe (Microsoft Corporation)

[1] 2007-02-28 03:15:56 2059392 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe (Microsoft Corporation)

[1] 2009-02-06 04:30:40 2066176 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe (Microsoft Corporation)

[1] 2008-08-14 15:39:46 2066048 C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe (Microsoft Corporation)

[1] 2007-02-28 02:38:57 2015744 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe (Microsoft Corporation)

[1] 2002-08-29 13:00:00 1920512 C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe ()

[1] 2004-08-03 23:59:01 2015232 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe (Microsoft Corporation)

[1] 2003-04-24 09:57:58 1921536 C:\WINDOWS\$NtUninstallKB890859_0$\ntkrnlpa.exe (Microsoft Corporation)

[1] 2005-03-01 18:34:42 2015232 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe (Microsoft Corporation)

[1] 2006-12-19 06:55:40 2015744 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe (Microsoft Corporation)

[1] 2008-08-14 03:33:16 2023936 C:\WINDOWS\$NtUninstallKB956572$\ntkrnlpa.exe (Microsoft Corporation)

[1] 2008-04-13 12:31:21 2023936 C:\WINDOWS\$NtUninstallKB956841$\ntkrnlpa.exe (Microsoft Corporation)

[1] 2002-08-29 13:00:00 1920512 C:\WINDOWS\$NtUninstallQ811493$\ntkrnlpa.exe (Microsoft Corporation)

[1] 2009-02-07 19:02:58 2066048 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe (Microsoft Corporation)

[1] 2008-04-13 12:31:21 2065792 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe (Microsoft Corporation)

[1] 2009-02-07 19:02:58 2066048 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe (Microsoft Corporation)

[1] 2009-02-06 04:32:56 2023936 C:\WINDOWS\system32\ntkrnlpa.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe

[1] 2005-03-01 18:59:53 2179328 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe (Microsoft Corporation)

[1] 2005-03-01 19:04:22 2179456 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe (Microsoft Corporation)

[1] 2006-12-19 10:51:12 2182016 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe (Microsoft Corporation)

[1] 2007-02-28 03:55:14 2182144 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe (Microsoft Corporation)

[1] 2009-02-07 19:35:26 2189184 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe (Microsoft Corporation)

[1] 2008-08-14 16:11:10 2189184 C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe (Microsoft Corporation)

[1] 2007-02-28 03:08:48 2136064 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe (Microsoft Corporation)

[1] 2002-08-29 13:00:00 1891840 C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe ()

[1] 2004-08-04 00:18:30 2148352 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe (Microsoft Corporation)

[1] 2003-04-24 09:57:52 1892864 C:\WINDOWS\$NtUninstallKB890859_0$\ntoskrnl.exe (Microsoft Corporation)

[1] 2005-03-01 18:57:44 2135552 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe (Microsoft Corporation)

[1] 2006-12-19 08:15:09 2136064 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe (Microsoft Corporation)

[1] 2008-08-14 04:09:26 2145280 C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe (Microsoft Corporation)

[1] 2008-04-13 13:24:37 2145280 C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe (Microsoft Corporation)

[1] 2002-08-29 13:00:00 1891840 C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe (Microsoft Corporation)

[1] 2009-02-06 05:08:19 2189056 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe (Microsoft Corporation)

[1] 2008-04-13 13:27:53 2188928 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe (Microsoft Corporation)

[1] 2009-02-06 05:08:19 2189056 C:\WINDOWS\system32\dllcache\ntoskrnl.exe (Microsoft Corporation)

[1] 2009-02-06 05:06:41 2145280 C:\WINDOWS\system32\ntoskrnl.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\osk.exe

[1] 2004-08-04 01:56:55 215552 C:\WINDOWS\$NtServicePackUninstall$\osk.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 212480 C:\WINDOWS\$NtUninstallKB826939$\osk.exe ()

[1] 2002-08-29 06:00:00 212480 C:\WINDOWS\$NtUninstallQ810565$\osk.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:31 215552 C:\WINDOWS\ServicePackFiles\i386\osk.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:31 215552 C:\WINDOWS\system32\dllcache\osk.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:31 215552 C:\WINDOWS\system32\osk.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll

[1] 2004-08-04 01:56:44 102400 C:\WINDOWS\$NtServicePackUninstall$\pchshell.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 97792 C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll ()

[1] 2002-08-29 06:00:00 97792 C:\WINDOWS\$NtUninstallQ810565$\pchshell.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 102912 C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchshell.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 102912 C:\WINDOWS\ServicePackFiles\i386\pchshell.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 102912 C:\WINDOWS\system32\dllcache\pchshell.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys

[1] 2004-08-04 00:14:26 48384 C:\WINDOWS\$NtServicePackUninstall$\raspptp.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 46336 C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys ()

[1] 2002-08-29 06:00:00 46336 C:\WINDOWS\$NtUninstallQ329834$\raspptp.sys (Microsoft Corporation)

[1] 2008-04-13 13:19:48 48384 C:\WINDOWS\ServicePackFiles\i386\raspptp.sys (Microsoft Corporation)

[1] 2008-04-13 13:19:48 48384 C:\WINDOWS\system32\dllcache\raspptp.sys (Microsoft Corporation)

[1] 2008-04-13 13:19:48 48384 C:\WINDOWS\system32\drivers\raspptp.sys (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\shell32.dll

[1] 2004-12-21 14:50:55 8451072 C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2005-02-28 17:11:18 8450048 C:\WINDOWS\$hf_mig$\KB893086\SP2GDR\shell32.dll (Microsoft Corporation)

[1] 2005-02-28 17:06:29 8451584 C:\WINDOWS\$hf_mig$\KB893086\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2005-09-22 21:18:20 8452608 C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2006-03-16 22:46:31 8454656 C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2006-07-13 08:03:23 8457728 C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2006-12-19 15:50:10 8458752 C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll (Microsoft Corporation)

[1] 2008-06-17 13:04:34 8461824 C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll (Microsoft Corporation)

[1] 2007-10-25 21:34:01 8460288 C:\WINDOWS\$NtServicePackUninstall$\shell32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 8336384 C:\WINDOWS\$NtUninstallKB821557$\shell32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 8336384 C:\WINDOWS\$NtUninstallKB826939$\shell32.dll ()

[1] 2004-08-04 01:56:45 8384000 C:\WINDOWS\$NtUninstallKB890047$\shell32.dll (Microsoft Corporation)

[1] 2004-08-04 01:56:45 8384000 C:\WINDOWS\$NtUninstallKB893086$\shell32.dll (Microsoft Corporation)

[1] 2003-06-11 14:43:48 8240640 C:\WINDOWS\$NtUninstallKB893086_0$\shell32.dll (Microsoft Corporation)

[1] 2005-02-28 17:11:18 8450048 C:\WINDOWS\$NtUninstallKB900725$\shell32.dll (Microsoft Corporation)

[1] 2005-09-22 21:05:29 8450560 C:\WINDOWS\$NtUninstallKB908531$\shell32.dll (Microsoft Corporation)

[1] 2006-03-16 22:03:54 8452096 C:\WINDOWS\$NtUninstallKB921398$\shell32.dll (Microsoft Corporation)

[1] 2006-07-13 07:33:27 8453632 C:\WINDOWS\$NtUninstallKB928255$\shell32.dll (Microsoft Corporation)

[1] 2006-12-19 15:52:18 8453632 C:\WINDOWS\$NtUninstallKB943460$\shell32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:05 8461312 C:\WINDOWS\$NtUninstallKB967715$\shell32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:05 8461312 C:\WINDOWS\ServicePackFiles\i386\shell32.dll (Microsoft Corporation)

[1] 2008-06-17 13:02:19 8461312 C:\WINDOWS\system32\dllcache\shell32.dll (Microsoft Corporation)

[1] 2008-06-17 13:02:19 8461312 C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll

[1] 2004-08-04 01:56:45 151552 C:\WINDOWS\$NtServicePackUninstall$\shmedia.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 126464 C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll ()

[1] 2002-08-29 06:00:00 126464 C:\WINDOWS\$NtUninstallQ329390$\shmedia.dll (Microsoft Corporation)

[1] 2004-08-04 01:56:45 151552 C:\WINDOWS\ServicePackFiles\i386\shmedia.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:05 152064 C:\WINDOWS\system32\dllcache\shmedia.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:05 152064 C:\WINDOWS\system32\shmedia.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll

[1] 2004-08-04 01:56:45 239104 C:\WINDOWS\$NtServicePackUninstall$\srrstr.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 226304 C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll ()

[1] 2002-11-14 14:50:42 226816 C:\WINDOWS\$NtUninstallKB835409$\srrstr.dll ()

[1] 2002-08-29 06:00:00 226304 C:\WINDOWS\$NtUninstallQ329441$\srrstr.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 239104 C:\WINDOWS\ServicePackFiles\i386\srrstr.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 239104 C:\WINDOWS\system32\dllcache\srrstr.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 239104 C:\WINDOWS\system32\srrstr.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\srv.sys

[1] 2005-05-09 18:22:21 332544 C:\WINDOWS\$hf_mig$\KB896422\SP2QFE\srv.sys (Microsoft Corporation)

[1] 2006-04-21 00:46:15 332800 C:\WINDOWS\$hf_mig$\KB917159\SP2QFE\srv.sys (Microsoft Corporation)

[1] 2006-08-14 06:00:42 332928 C:\WINDOWS\$hf_mig$\KB923414\SP2QFE\srv.sys (Microsoft Corporation)

[1] 2008-09-08 05:37:19 333824 C:\WINDOWS\$hf_mig$\KB957095\SP3QFE\srv.sys (Microsoft Corporation)

[1] 2008-12-11 06:33:59 333952 C:\WINDOWS\$hf_mig$\KB958687\SP3QFE\srv.sys (Microsoft Corporation)

[1] 2006-08-14 04:34:41 332928 C:\WINDOWS\$NtServicePackUninstall$\srv.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 330368 C:\WINDOWS\$NtUninstallKB826939$\srv.sys ()

[1] 2004-08-04 00:14:45 336256 C:\WINDOWS\$NtUninstallKB896422$\srv.sys (Microsoft Corporation)

[1] 2005-05-09 18:17:51 332544 C:\WINDOWS\$NtUninstallKB917159$\srv.sys (Microsoft Corporation)

[1] 2006-04-21 00:12:27 332800 C:\WINDOWS\$NtUninstallKB923414$\srv.sys (Microsoft Corporation)

[1] 2008-04-13 13:15:11 334848 C:\WINDOWS\$NtUninstallKB957095$\srv.sys (Microsoft Corporation)

[1] 2008-09-08 04:41:42 333824 C:\WINDOWS\$NtUninstallKB958687$\srv.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 330368 C:\WINDOWS\$NtUninstallQ817606$\srv.sys (Microsoft Corporation)

[1] 2008-04-13 13:15:11 334848 C:\WINDOWS\ServicePackFiles\i386\srv.sys (Microsoft Corporation)

[1] 2008-12-11 04:57:09 333952 C:\WINDOWS\system32\dllcache\srv.sys (Microsoft Corporation)

[1] 2008-12-11 04:57:09 333952 C:\WINDOWS\system32\drivers\srv.sys (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb

[1] 2009-03-27 00:33:14 1203922 C:\WINDOWS\$hf_mig$\KB923561\SP3QFE\sysmain.sdb ()

[1] 2006-10-04 08:06:21 1197294 C:\WINDOWS\$NtServicePackUninstall$\sysmain.sdb ()

[1] 2002-08-29 06:00:00 1082436 C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb ()

[1] 2008-04-13 18:15:28 1202774 C:\WINDOWS\$NtUninstallKB923561$\sysmain.sdb ()

[1] 2004-08-04 02:02:14 1190796 C:\WINDOWS\$NtUninstallKB926239$\sysmain.sdb ()

[1] 2002-08-29 06:00:00 1082436 C:\WINDOWS\$NtUninstallQ328310$\sysmain.sdb ()

[1] 2002-11-01 15:13:00 1080070 C:\WINDOWS\$NtUninstallQ814995$\sysmain.sdb ()

[1] 2009-03-27 00:58:38 1203922 C:\WINDOWS\AppPatch\sysmain.sdb ()

[1] 2008-04-13 18:15:28 1202774 C:\WINDOWS\ServicePackFiles\i386\sysmain.sdb ()

[1] 2009-03-27 00:58:38 1203922 C:\WINDOWS\system32\dllcache\sysmain.sdb ()



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\user32.dll

[1] 2005-03-02 12:09:30 577024 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll (Microsoft Corporation)

[1] 2005-03-02 12:19:56 577024 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll (Microsoft Corporation)

[1] 2007-03-08 09:48:36 578048 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll (Microsoft Corporation)

[1] 2007-03-08 09:36:28 577536 C:\WINDOWS\$NtServicePackUninstall$\user32.dll (Microsoft Corporation)

[1] 2002-11-01 15:26:46 528896 C:\WINDOWS\$NtUninstallKB824141$\user32.dll ()

[1] 2002-08-29 06:00:00 560128 C:\WINDOWS\$NtUninstallKB826939$\user32.dll ()

[1] 2004-08-04 01:56:46 577024 C:\WINDOWS\$NtUninstallKB890859$\user32.dll (Microsoft Corporation)

[1] 2002-11-01 16:26:46 528896 C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll (Microsoft Corporation)

[1] 2005-03-02 12:09:30 577024 C:\WINDOWS\$NtUninstallKB925902$\user32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 560128 C:\WINDOWS\$NtUninstallQ328310$\user32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:08 578560 C:\WINDOWS\ServicePackFiles\i386\user32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:08 578560 C:\WINDOWS\system32\dllcache\user32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:08 578560 C:\WINDOWS\system32\user32.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\win32k.sys

[1] 2005-03-01 19:06:57 1836288 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\win32k.sys (Microsoft Corporation)

[1] 2005-03-01 19:11:25 1836160 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2005-10-05 18:10:04 1839360 C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2007-03-08 07:49:49 1843968 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2008-03-19 03:40:27 1845888 C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys (Microsoft Corporation)

[1] 2008-09-15 06:25:27 1846912 C:\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys (Microsoft Corporation)

[1] 2009-02-09 05:08:53 1847552 C:\WINDOWS\$hf_mig$\KB958690\SP3QFE\win32k.sys (Microsoft Corporation)

[1] 2009-04-17 04:50:18 1847808 C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys (Microsoft Corporation)

[1] 2008-03-19 03:47:00 1845248 C:\WINDOWS\$NtServicePackUninstall$\win32k.sys (Microsoft Corporation)

[1] 2002-10-23 08:55:02 1694336 C:\WINDOWS\$NtUninstallKB824141$\win32k.sys ()

[1] 2002-08-29 06:00:00 1813632 C:\WINDOWS\$NtUninstallKB826939$\win32k.sys ()

[1] 2004-08-04 00:17:40 1835904 C:\WINDOWS\$NtUninstallKB890859$\win32k.sys (Microsoft Corporation)

[1] 2002-10-23 09:55:02 1694336 C:\WINDOWS\$NtUninstallKB890859_0$\win32k.sys (Microsoft Corporation)

[1] 2005-03-01 19:06:57 1836288 C:\WINDOWS\$NtUninstallKB896424$\win32k.sys (Microsoft Corporation)

[1] 2005-10-05 18:05:59 1839488 C:\WINDOWS\$NtUninstallKB925902$\win32k.sys (Microsoft Corporation)

[1] 2007-03-08 07:47:48 1843584 C:\WINDOWS\$NtUninstallKB941693$\win32k.sys (Microsoft Corporation)

[1] 2008-04-13 13:30:10 1845632 C:\WINDOWS\$NtUninstallKB954211$\win32k.sys (Microsoft Corporation)

[1] 2008-09-15 06:12:56 1846400 C:\WINDOWS\$NtUninstallKB958690$\win32k.sys (Microsoft Corporation)

[1] 2009-02-09 05:13:27 1846784 C:\WINDOWS\$NtUninstallKB968537$\win32k.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 1813632 C:\WINDOWS\$NtUninstallQ328310$\win32k.sys (Microsoft Corporation)

[1] 2008-04-13 13:30:10 1845632 C:\WINDOWS\ServicePackFiles\i386\win32k.sys (Microsoft Corporation)

[1] 2009-04-17 06:26:40 1847168 C:\WINDOWS\system32\dllcache\win32k.sys (Microsoft Corporation)

[1] 2009-04-17 06:26:40 1847168 C:\WINDOWS\system32\win32k.sys (Microsoft Corporation)

[1] 2009-09-23 21:50:54 0 C:\WINDOWS\win32k.sys ()



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll

[1] 2005-03-02 12:09:30 291328 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\winsrv.dll (Microsoft Corporation)

[1] 2005-03-02 12:19:56 291328 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll (Microsoft Corporation)

[1] 2005-08-31 19:44:05 291840 C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll (Microsoft Corporation)

[1] 2007-03-17 07:45:03 292864 C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll (Microsoft Corporation)

[1] 2007-03-17 07:43:01 292864 C:\WINDOWS\$NtServicePackUninstall$\winsrv.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 276480 C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll ()

[1] 2004-08-04 01:56:46 290816 C:\WINDOWS\$NtUninstallKB890859$\winsrv.dll (Microsoft Corporation)

[1] 2002-11-01 16:26:44 272896 C:\WINDOWS\$NtUninstallKB890859_0$\winsrv.dll (Microsoft Corporation)

[1] 2005-03-02 12:09:30 291328 C:\WINDOWS\$NtUninstallKB900725$\winsrv.dll (Microsoft Corporation)

[1] 2005-08-31 19:41:54 291840 C:\WINDOWS\$NtUninstallKB930178$\winsrv.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 276480 C:\WINDOWS\$NtUninstallQ328310$\winsrv.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:09 293376 C:\WINDOWS\ServicePackFiles\i386\winsrv.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:09 293376 C:\WINDOWS\system32\dllcache\winsrv.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:09 293376 C:\WINDOWS\system32\winsrv.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll

[1] 2004-08-04 01:56:46 337920 C:\WINDOWS\$NtServicePackUninstall$\zipfldr.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 316416 C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll ()

[1] 2002-09-25 16:18:58 316928 C:\WINDOWS\$NtUninstallKB873376$\zipfldr.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 316416 C:\WINDOWS\$NtUninstallQ329048$\zipfldr.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:11 338432 C:\WINDOWS\ServicePackFiles\i386\zipfldr.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:11 338432 C:\WINDOWS\system32\dllcache\zipfldr.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:11 338432 C:\WINDOWS\system32\zipfldr.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll

[1] 2006-05-19 07:46:40 112128 C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll (Microsoft Corporation)

[1] 2006-05-19 06:59:41 111616 C:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 99840 C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll ()

[1] 2004-08-04 01:56:42 111104 C:\WINDOWS\$NtUninstallKB914388$\dhcpcsvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 126976 C:\WINDOWS\ServicePackFiles\i386\dhcpcsvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 126976 C:\WINDOWS\system32\dhcpcsvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 126976 C:\WINDOWS\system32\dllcache\dhcpcsvc.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\ndis.sys

[1] 2004-08-04 00:14:28 182912 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (Microsoft Corporation)

[1] 2002-08-29 06:00:00 167552 C:\WINDOWS\$NtUninstallKB826942$\ndis.sys ()

[1] 2008-04-13 13:20:37 182656 C:\WINDOWS\ServicePackFiles\i386\ndis.sys (Microsoft Corporation)

[1] 2008-04-13 13:20:37 182656 C:\WINDOWS\system32\dllcache\ndis.sys (Microsoft Corporation)

[1] 2008-04-13 13:20:37 182656 C:\WINDOWS\system32\drivers\ndis.sys (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys

[1] 2004-08-04 00:03:12 12928 C:\WINDOWS\$NtServicePackUninstall$\ndisuio.sys (Microsoft Corporation)

[1] 2002-08-29 13:00:00 12288 C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys ()

[1] 2008-04-13 12:55:58 14592 C:\WINDOWS\ServicePackFiles\i386\ndisuio.sys (Microsoft Corporation)

[1] 2008-04-13 12:55:58 14592 C:\WINDOWS\system32\dllcache\ndisuio.sys (Microsoft Corporation)

[1] 2008-04-13 12:55:58 14592 C:\WINDOWS\system32\drivers\ndisuio.sys (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\netshell.dll

[1] 2004-08-04 01:56:44 1708032 C:\WINDOWS\$NtServicePackUninstall$\netshell.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 1622528 C:\WINDOWS\$NtUninstallKB826942$\netshell.dll ()

[1] 2008-04-13 18:12:02 1703936 C:\WINDOWS\ServicePackFiles\i386\netshell.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 1703936 C:\WINDOWS\system32\dllcache\netshell.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 1703936 C:\WINDOWS\system32\netshell.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll

[1] 2004-08-04 01:56:46 378368 C:\WINDOWS\$NtServicePackUninstall$\wzcdlg.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 56832 C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll ()

[1] 2008-04-13 18:12:11 383488 C:\WINDOWS\ServicePackFiles\i386\wzcdlg.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:11 383488 C:\WINDOWS\system32\dllcache\wzcdlg.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:11 383488 C:\WINDOWS\system32\wzcdlg.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll

[1] 2004-08-04 01:56:46 51712 C:\WINDOWS\$NtServicePackUninstall$\wzcsapi.dll (Microsoft Corporation)

[1] 2002-08-29 13:00:00 23552 C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll ()

[1] 2008-04-13 18:12:11 52736 C:\WINDOWS\ServicePackFiles\i386\wzcsapi.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:11 52736 C:\WINDOWS\system32\dllcache\wzcsapi.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:11 52736 C:\WINDOWS\system32\wzcsapi.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll

[1] 2004-08-04 01:56:46 359936 C:\WINDOWS\$NtServicePackUninstall$\wzcsvc.dll (Microsoft Corporation)

[1] 2002-08-29 13:00:00 264704 C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll ()

[1] 2008-04-13 18:12:11 483840 C:\WINDOWS\ServicePackFiles\i386\wzcsvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:11 483840 C:\WINDOWS\system32\dllcache\wzcsvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:11 483840 C:\WINDOWS\system32\wzcsvc.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll

[1] 2004-08-04 01:56:42 57344 C:\WINDOWS\$NtServicePackUninstall$\msasn1.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 51200 C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll ()

[1] 2002-08-29 06:00:00 51200 C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll ()

[1] 2008-04-13 18:11:58 57344 C:\WINDOWS\ServicePackFiles\i386\msasn1.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:58 57344 C:\WINDOWS\system32\dllcache\msasn1.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:58 57344 C:\WINDOWS\system32\msasn1.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll

[1] 2004-08-04 01:56:43 33792 C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 34304 C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll ()

[1] 2008-04-13 18:11:59 33792 C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:59 33792 C:\WINDOWS\system32\dllcache\msgsvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:59 33792 C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll

[1] 2006-08-17 06:37:49 132096 C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\wkssvc.dll (Microsoft Corporation)

[1] 2009-06-10 00:17:16 134144 C:\WINDOWS\$hf_mig$\KB971657\SP3QFE\wkssvc.dll (Microsoft Corporation)

[1] 2006-08-17 06:28:27 132096 C:\WINDOWS\$NtServicePackUninstall$\wkssvc.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 120832 C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll ()

[1] 2004-08-04 01:56:46 132096 C:\WINDOWS\$NtUninstallKB924270$\wkssvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:09 132096 C:\WINDOWS\$NtUninstallKB971657$\wkssvc.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:09 132096 C:\WINDOWS\ServicePackFiles\i386\wkssvc.dll (Microsoft Corporation)

[1] 2009-06-10 00:14:49 132096 C:\WINDOWS\system32\dllcache\wkssvc.dll (Microsoft Corporation)

[1] 2009-06-10 00:14:49 132096 C:\WINDOWS\system32\wkssvc.dll (Microsoft Corporation)

[2] 2008-04-13 18:12:09 132096 C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP444\A0080548.dll (Microsoft Corporation)

[2] 2008-04-13 18:12:09 132096 C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP444\A0080575.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

[1] 2005-07-25 22:20:23 225792 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:42 225792 C:\WINDOWS\$NtServicePackUninstall$\catsrv.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 215040 C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll ()

[1] 2004-08-04 01:56:41 229888 C:\WINDOWS\$NtUninstallKB902400$\catsrv.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 226304 C:\WINDOWS\ServicePackFiles\i386\catsrv.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 226304 C:\WINDOWS\system32\catsrv.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 226304 C:\WINDOWS\system32\dllcache\catsrv.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

[1] 2005-07-25 22:20:23 625152 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:43 625152 C:\WINDOWS\$NtServicePackUninstall$\catsrvut.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 582656 C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll ()

[1] 2004-08-04 01:56:41 628224 C:\WINDOWS\$NtUninstallKB902400$\catsrvut.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 625664 C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 625664 C:\WINDOWS\system32\catsrvut.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 625664 C:\WINDOWS\system32\dllcache\catsrvut.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

[1] 2005-07-25 22:20:23 110080 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:43 110080 C:\WINDOWS\$NtServicePackUninstall$\clbcatex.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 100864 C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll ()

[1] 2004-08-04 01:56:41 110080 C:\WINDOWS\$NtUninstallKB902400$\clbcatex.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 110592 C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 110592 C:\WINDOWS\system32\clbcatex.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 110592 C:\WINDOWS\system32\dllcache\clbcatex.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

[1] 2005-07-25 22:20:24 498688 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:43 498688 C:\WINDOWS\$NtServicePackUninstall$\clbcatq.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 468480 C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll ()

[1] 2004-08-04 01:56:41 501248 C:\WINDOWS\$NtUninstallKB902400$\clbcatq.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 498688 C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 498688 C:\WINDOWS\system32\clbcatq.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 498688 C:\WINDOWS\system32\dllcache\clbcatq.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

[1] 2005-07-25 22:20:24 60416 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:43 60416 C:\WINDOWS\$NtServicePackUninstall$\colbact.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 56832 C:\WINDOWS\$NtUninstallKB828741$\colbact.dll ()

[1] 2004-08-04 01:56:41 62464 C:\WINDOWS\$NtUninstallKB902400$\colbact.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 60416 C:\WINDOWS\ServicePackFiles\i386\colbact.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 60416 C:\WINDOWS\system32\colbact.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 60416 C:\WINDOWS\system32\dllcache\colbact.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

[1] 2005-07-25 22:20:24 195072 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:44 195072 C:\WINDOWS\$NtServicePackUninstall$\comadmin.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 186880 C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll ()

[1] 2004-08-04 01:56:41 195584 C:\WINDOWS\$NtUninstallKB902400$\comadmin.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 195072 C:\WINDOWS\ServicePackFiles\i386\comadmin.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 195072 C:\WINDOWS\system32\Com\comadmin.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 195072 C:\WINDOWS\system32\dllcache\comadmin.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe

[1] 2004-08-04 01:56:48 9728 C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 8192 C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe ()

[1] 2008-04-13 18:12:15 9728 C:\WINDOWS\ServicePackFiles\i386\comrepl.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:15 9728 C:\WINDOWS\system32\Com\comrepl.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:15 9728 C:\WINDOWS\system32\dllcache\comrepl.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

[1] 2005-07-25 22:20:27 1267200 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:44 1267200 C:\WINDOWS\$NtServicePackUninstall$\comsvcs.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 1172992 C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll ()

[1] 2004-08-04 01:56:41 1251840 C:\WINDOWS\$NtUninstallKB902400$\comsvcs.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 1267200 C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 1267200 C:\WINDOWS\system32\comsvcs.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 1267200 C:\WINDOWS\system32\dllcache\comsvcs.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

[1] 2005-07-25 22:20:28 540160 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:45 540160 C:\WINDOWS\$NtServicePackUninstall$\comuid.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 495616 C:\WINDOWS\$NtUninstallKB828741$\comuid.dll ()

[1] 2004-08-04 01:56:41 540160 C:\WINDOWS\$NtUninstallKB902400$\comuid.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 539648 C:\WINDOWS\ServicePackFiles\i386\comuid.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 539648 C:\WINDOWS\system32\comuid.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:51 539648 C:\WINDOWS\system32\dllcache\comuid.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\es.dll

[1] 2005-07-25 22:20:28 243200 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll (Microsoft Corporation)

[1] 2008-07-07 14:23:18 253952 C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:45 243200 C:\WINDOWS\$NtServicePackUninstall$\es.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 225280 C:\WINDOWS\$NtUninstallKB828741$\es.dll ()

[1] 2004-08-04 01:56:42 243200 C:\WINDOWS\$NtUninstallKB902400$\es.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 246272 C:\WINDOWS\$NtUninstallKB950974$\es.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 246272 C:\WINDOWS\ServicePackFiles\i386\es.dll (Microsoft Corporation)

[1] 2008-07-07 14:26:58 253952 C:\WINDOWS\system32\dllcache\es.dll (Microsoft Corporation)

[1] 2008-07-07 14:26:58 253952 C:\WINDOWS\system32\es.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe

[1] 2005-07-25 17:42:35 8704 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe (Microsoft Corporation)

[1] 2004-08-04 01:56:51 7680 C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe (Microsoft Corporation)

[1] 2002-08-29 06:00:00 6656 C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe ()

[1] 2008-04-13 18:12:25 7680 C:\WINDOWS\ServicePackFiles\i386\migregdb.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:25 7680 C:\WINDOWS\system32\dllcache\migregdb.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

[1] 2005-07-25 22:20:29 425472 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2006-03-01 13:34:20 426496 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2008-06-12 08:09:35 428032 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\msdtcprx.dll (Microsoft Corporation)

[1] 2006-03-01 13:42:42 426496 C:\WINDOWS\$NtServicePackUninstall$\msdtcprx.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 359936 C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll ()

[1] 2004-08-04 01:56:43 425472 C:\WINDOWS\$NtUninstallKB902400$\msdtcprx.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:46 425472 C:\WINDOWS\$NtUninstallKB913580$\msdtcprx.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:59 427008 C:\WINDOWS\$NtUninstallKB952004$\msdtcprx.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:59 427008 C:\WINDOWS\ServicePackFiles\i386\msdtcprx.dll (Microsoft Corporation)

[1] 2008-06-12 08:23:32 428032 C:\WINDOWS\system32\dllcache\msdtcprx.dll (Microsoft Corporation)

[1] 2008-06-12 08:23:32 428032 C:\WINDOWS\system32\msdtcprx.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll

[1] 2005-07-25 22:20:31 945152 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtctm.dll (Microsoft Corporation)

[1] 2006-03-01 13:34:20 956416 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtctm.dll (Microsoft Corporation)

[1] 2008-06-12 08:09:35 956928 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\msdtctm.dll (Microsoft Corporation)

[1] 2006-03-01 13:42:42 956416 C:\WINDOWS\$NtServicePackUninstall$\msdtctm.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 869376 C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll ()

[1] 2004-08-04 01:56:43 949248 C:\WINDOWS\$NtUninstallKB902400$\msdtctm.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:47 945152 C:\WINDOWS\$NtUninstallKB913580$\msdtctm.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:59 956928 C:\WINDOWS\$NtUninstallKB952004$\msdtctm.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:59 956928 C:\WINDOWS\ServicePackFiles\i386\msdtctm.dll (Microsoft Corporation)

[1] 2008-06-12 08:23:32 956928 C:\WINDOWS\system32\dllcache\msdtctm.dll (Microsoft Corporation)

[1] 2008-06-12 08:23:32 956928 C:\WINDOWS\system32\msdtctm.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll

[1] 2005-07-25 22:20:31 161280 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll (Microsoft Corporation)

[1] 2006-03-01 13:34:20 161280 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-06-12 08:09:35 161792 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\msdtcuiu.dll (Microsoft Corporation)

[1] 2006-03-01 13:42:42 161280 C:\WINDOWS\$NtServicePackUninstall$\msdtcuiu.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 151040 C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll ()

[1] 2004-08-04 01:56:43 161280 C:\WINDOWS\$NtUninstallKB902400$\msdtcuiu.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:47 161280 C:\WINDOWS\$NtUninstallKB913580$\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:59 161792 C:\WINDOWS\$NtUninstallKB952004$\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:59 161792 C:\WINDOWS\ServicePackFiles\i386\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-06-12 08:23:32 161792 C:\WINDOWS\system32\dllcache\msdtcuiu.dll (Microsoft Corporation)

[1] 2008-06-12 08:23:32 161792 C:\WINDOWS\system32\msdtcuiu.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll

[1] 2005-07-25 22:20:39 66560 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxclu.dll (Microsoft Corporation)

[1] 2006-03-01 13:34:20 66560 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxclu.dll (Microsoft Corporation)

[1] 2008-06-12 08:09:35 66560 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\mtxclu.dll (Microsoft Corporation)

[1] 2006-03-01 13:42:42 66560 C:\WINDOWS\$NtServicePackUninstall$\mtxclu.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 61440 C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll ()

[1] 2004-08-04 01:56:44 66560 C:\WINDOWS\$NtUninstallKB902400$\mtxclu.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:47 66560 C:\WINDOWS\$NtUninstallKB913580$\mtxclu.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:01 66560 C:\WINDOWS\$NtUninstallKB952004$\mtxclu.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:01 66560 C:\WINDOWS\ServicePackFiles\i386\mtxclu.dll (Microsoft Corporation)

[1] 2008-06-12 08:23:32 66560 C:\WINDOWS\system32\dllcache\mtxclu.dll (Microsoft Corporation)

[1] 2008-06-12 08:23:32 66560 C:\WINDOWS\system32\mtxclu.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll

[1] 2005-07-25 22:20:40 91136 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxoci.dll (Microsoft Corporation)

[1] 2006-03-01 13:34:20 91136 C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxoci.dll (Microsoft Corporation)

[1] 2008-06-12 08:09:35 91648 C:\WINDOWS\$hf_mig$\KB952004\SP3QFE\mtxoci.dll (Microsoft Corporation)

[1] 2006-03-01 13:42:42 91136 C:\WINDOWS\$NtServicePackUninstall$\mtxoci.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 83968 C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll ()

[1] 2004-08-04 01:56:44 90112 C:\WINDOWS\$NtUninstallKB902400$\mtxoci.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:47 91136 C:\WINDOWS\$NtUninstallKB913580$\mtxoci.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:01 91648 C:\WINDOWS\$NtUninstallKB952004$\mtxoci.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:01 91648 C:\WINDOWS\ServicePackFiles\i386\mtxoci.dll (Microsoft Corporation)

[1] 2008-06-12 08:23:32 91648 C:\WINDOWS\system32\dllcache\mtxoci.dll (Microsoft Corporation)

[1] 2008-06-12 08:23:32 91648 C:\WINDOWS\system32\mtxoci.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\ole32.dll

[1] 2005-01-14 02:55:50 1285120 C:\WINDOWS\$hf_mig$\KB873333\SP2GDR\ole32.dll (Microsoft Corporation)

[1] 2005-01-13 23:07:42 1284608 C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\ole32.dll (Microsoft Corporation)

[1] 2005-04-28 13:35:02 1286144 C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll (Microsoft Corporation)

[1] 2005-07-25 22:20:40 1285632 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:48 1285120 C:\WINDOWS\$NtServicePackUninstall$\ole32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 1169920 C:\WINDOWS\$NtUninstallKB824146$\ole32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 1169920 C:\WINDOWS\$NtUninstallKB828741$\ole32.dll ()

[1] 2004-08-04 01:56:44 1281536 C:\WINDOWS\$NtUninstallKB873333$\ole32.dll (Microsoft Corporation)

[1] 2004-03-05 20:16:11 1183744 C:\WINDOWS\$NtUninstallKB873333_0$\ole32.dll (Microsoft Corporation)

[1] 2005-01-14 02:55:50 1285120 C:\WINDOWS\$NtUninstallKB894391$\ole32.dll (Microsoft Corporation)

[1] 2005-04-28 13:31:11 1285120 C:\WINDOWS\$NtUninstallKB902400$\ole32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 1287168 C:\WINDOWS\ServicePackFiles\i386\ole32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 1287168 C:\WINDOWS\system32\dllcache\ole32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 1287168 C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll

[1] 2009-04-15 09:24:20 585216 C:\WINDOWS\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll (Microsoft Corporation)

[1] 2007-07-09 07:16:16 582656 C:\WINDOWS\$NtServicePackUninstall$\rpcrt4.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 530432 C:\WINDOWS\$NtUninstallKB824146$\rpcrt4.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 530432 C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll ()

[1] 2004-08-04 01:56:44 581120 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:04 584704 C:\WINDOWS\$NtUninstallKB970238$\rpcrt4.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:04 584704 C:\WINDOWS\ServicePackFiles\i386\rpcrt4.dll (Microsoft Corporation)

[1] 2009-04-15 08:51:25 585216 C:\WINDOWS\system32\dllcache\rpcrt4.dll (Microsoft Corporation)

[1] 2009-04-15 08:51:25 585216 C:\WINDOWS\system32\rpcrt4.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll

[1] 2005-01-14 02:55:50 395776 C:\WINDOWS\$hf_mig$\KB873333\SP2GDR\rpcss.dll (Microsoft Corporation)

[1] 2005-01-13 23:07:42 395776 C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\rpcss.dll (Microsoft Corporation)

[1] 2005-04-28 13:35:01 396288 C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll (Microsoft Corporation)

[1] 2005-07-25 22:20:40 398336 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll (Microsoft Corporation)

[1] 2009-02-09 04:56:36 401408 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:49 397824 C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 260608 C:\WINDOWS\$NtUninstallKB824146$\rpcss.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 260608 C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll ()

[1] 2004-08-04 01:56:44 395776 C:\WINDOWS\$NtUninstallKB873333$\rpcss.dll (Microsoft Corporation)

[1] 2004-03-05 20:16:11 263680 C:\WINDOWS\$NtUninstallKB873333_0$\rpcss.dll (Microsoft Corporation)

[1] 2005-01-14 02:55:50 395776 C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll (Microsoft Corporation)

[1] 2005-04-28 13:31:11 395776 C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:04 399360 C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:04 399360 C:\WINDOWS\ServicePackFiles\i386\rpcss.dll (Microsoft Corporation)

[1] 2009-02-09 06:10:48 401408 C:\WINDOWS\system32\dllcache\rpcss.dll (Microsoft Corporation)

[1] 2009-02-09 06:10:48 401408 C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB828741$\txflog.dll

[1] 2005-07-25 22:20:40 101376 C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\txflog.dll (Microsoft Corporation)

[1] 2005-07-25 22:39:49 101376 C:\WINDOWS\$NtServicePackUninstall$\txflog.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 90624 C:\WINDOWS\$NtUninstallKB828741$\txflog.dll ()

[1] 2004-08-04 01:56:46 101376 C:\WINDOWS\$NtUninstallKB902400$\txflog.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 101376 C:\WINDOWS\ServicePackFiles\i386\txflog.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 101376 C:\WINDOWS\system32\dllcache\txflog.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 101376 C:\WINDOWS\system32\txflog.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB833987$\sxs.dll

[1] 2006-10-19 07:59:58 713216 C:\WINDOWS\$hf_mig$\KB926255\SP2QFE\sxs.dll (Microsoft Corporation)

[1] 2006-10-19 07:56:32 713216 C:\WINDOWS\$NtServicePackUninstall$\sxs.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 674816 C:\WINDOWS\$NtUninstallKB833987$\sxs.dll ()

[1] 2004-03-08 20:25:19 676864 C:\WINDOWS\$NtUninstallKB893086_0$\sxs.dll (Microsoft Corporation)

[1] 2004-08-04 01:56:46 713216 C:\WINDOWS\$NtUninstallKB926255$\sxs.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 713216 C:\WINDOWS\ServicePackFiles\i386\sxs.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 713216 C:\WINDOWS\system32\dllcache\sxs.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 713216 C:\WINDOWS\system32\sxs.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835409$\srrstr.dll

[1] 2004-08-04 01:56:45 239104 C:\WINDOWS\$NtServicePackUninstall$\srrstr.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 226304 C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll ()

[1] 2002-11-14 14:50:42 226816 C:\WINDOWS\$NtUninstallKB835409$\srrstr.dll ()

[1] 2002-08-29 06:00:00 226304 C:\WINDOWS\$NtUninstallQ329441$\srrstr.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 239104 C:\WINDOWS\ServicePackFiles\i386\srrstr.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 239104 C:\WINDOWS\system32\dllcache\srrstr.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:07 239104 C:\WINDOWS\system32\srrstr.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\callcont.dll

[1] 2004-08-04 01:56:41 385024 C:\WINDOWS\$NtServicePackUninstall$\callcont.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 360448 C:\WINDOWS\$NtUninstallKB835732$\callcont.dll ()

[1] 2008-04-13 18:11:50 385024 C:\WINDOWS\ServicePackFiles\i386\callcont.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:50 385024 C:\WINDOWS\system32\dllcache\callcont.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll

[1] 2005-10-05 21:18:28 280064 C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\gdi32.dll (Microsoft Corporation)

[1] 2005-12-28 21:04:05 280064 C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\gdi32.dll (Microsoft Corporation)

[1] 2007-03-08 09:48:36 282112 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\gdi32.dll (Microsoft Corporation)

[1] 2007-06-19 07:37:21 282112 C:\WINDOWS\$hf_mig$\KB938829\SP2QFE\gdi32.dll (Microsoft Corporation)

[1] 2008-02-20 00:52:43 282624 C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll (Microsoft Corporation)

[1] 2008-10-23 06:43:42 286720 C:\WINDOWS\$hf_mig$\KB956802\SP3QFE\gdi32.dll (Microsoft Corporation)

[1] 2008-02-20 00:51:05 282624 C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 250368 C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll ()

[1] 2004-03-29 19:48:36 257536 C:\WINDOWS\$NtUninstallKB840987$\gdi32.dll (Microsoft Corporation)

[1] 2004-08-04 01:56:42 278016 C:\WINDOWS\$NtUninstallKB896424$\gdi32.dll (Microsoft Corporation)

[1] 2005-10-05 21:09:36 280064 C:\WINDOWS\$NtUninstallKB912919$\gdi32.dll (Microsoft Corporation)

[1] 2005-12-28 20:54:35 280064 C:\WINDOWS\$NtUninstallKB925902$\gdi32.dll (Microsoft Corporation)

[1] 2007-03-08 09:36:28 281600 C:\WINDOWS\$NtUninstallKB938829$\gdi32.dll (Microsoft Corporation)

[1] 2007-06-19 07:31:19 282112 C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:54 285184 C:\WINDOWS\$NtUninstallKB956802$\gdi32.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:54 285184 C:\WINDOWS\ServicePackFiles\i386\gdi32.dll (Microsoft Corporation)

[1] 2008-10-23 06:36:14 286720 C:\WINDOWS\system32\dllcache\gdi32.dll (Microsoft Corporation)

[1] 2008-10-23 06:36:14 286720 C:\WINDOWS\system32\gdi32.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323.tsp

[1] 2004-08-04 01:56:57 265728 C:\WINDOWS\$NtServicePackUninstall$\h323.tsp ()

[1] 2002-08-29 06:00:00 252928 C:\WINDOWS\$NtUninstallKB835732$\h323.tsp ()

[1] 2008-04-13 18:12:45 265728 C:\WINDOWS\ServicePackFiles\i386\h323.tsp ()

[1] 2008-04-13 18:12:45 265728 C:\WINDOWS\system32\dllcache\h323.tsp ()

[1] 2008-04-13 18:12:45 265728 C:\WINDOWS\system32\h323.tsp ()



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll

[1] 2004-08-04 01:56:42 614912 C:\WINDOWS\$NtServicePackUninstall$\h323msp.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 592896 C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll ()

[1] 2008-04-13 18:11:54 614912 C:\WINDOWS\ServicePackFiles\i386\h323msp.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:54 614912 C:\WINDOWS\system32\dllcache\h323msp.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:54 614912 C:\WINDOWS\system32\h323msp.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll

[1] 2004-08-04 01:56:42 331264 C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 435200 C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll ()

[1] 2008-04-13 18:11:55 331264 C:\WINDOWS\ServicePackFiles\i386\ipnathlp.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:55 331264 C:\WINDOWS\system32\dllcache\ipnathlp.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:55 331264 C:\WINDOWS\system32\ipnathlp.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll

[1] 2004-10-27 19:21:01 721920 C:\WINDOWS\$hf_mig$\KB885835\SP2GDR\lsasrv.dll (Microsoft Corporation)

[1] 2004-10-27 19:28:18 721920 C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll (Microsoft Corporation)

[1] 2006-08-17 06:37:49 726528 C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll (Microsoft Corporation)

[1] 2007-11-07 03:50:47 727040 C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll (Microsoft Corporation)

[1] 2009-02-09 04:56:36 729088 C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\lsasrv.dll (Microsoft Corporation)

[1] 2009-06-26 03:41:12 730112 C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\lsasrv.dll (Microsoft Corporation)

[1] 2007-11-07 03:26:56 721920 C:\WINDOWS\$NtServicePackUninstall$\lsasrv.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 671744 C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll ()

[1] 2004-08-04 01:56:42 721920 C:\WINDOWS\$NtUninstallKB885835$\lsasrv.dll (Microsoft Corporation)

[1] 2004-03-29 19:48:36 667648 C:\WINDOWS\$NtUninstallKB885835_0$\lsasrv.dll (Microsoft Corporation)

[1] 2004-10-27 19:21:01 721920 C:\WINDOWS\$NtUninstallKB924270$\lsasrv.dll (Microsoft Corporation)

[1] 2006-08-17 06:28:27 721920 C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:56 728064 C:\WINDOWS\$NtUninstallKB956572$\lsasrv.dll (Microsoft Corporation)

[1] 2009-02-09 06:10:49 729088 C:\WINDOWS\$NtUninstallKB968389$\lsasrv.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:56 728064 C:\WINDOWS\ServicePackFiles\i386\lsasrv.dll (Microsoft Corporation)

[1] 2009-06-25 02:25:26 730112 C:\WINDOWS\system32\dllcache\lsasrv.dll (Microsoft Corporation)

[1] 2009-06-25 02:25:26 730112 C:\WINDOWS\system32\lsasrv.dll (Microsoft Corporation)

[2] 2009-02-09 06:10:49 729088 C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP449\A0081993.dll (Microsoft Corporation)

[2] 2009-02-09 06:10:49 729088 C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP449\A0082009.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll

[1] 2007-03-08 09:48:36 40960 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\mf3216.dll (Microsoft Corporation)

[1] 2007-03-08 09:36:28 40960 C:\WINDOWS\$NtServicePackUninstall$\mf3216.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 35328 C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll ()

[1] 2004-08-04 01:56:42 39936 C:\WINDOWS\$NtUninstallKB925902$\mf3216.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:56 40960 C:\WINDOWS\ServicePackFiles\i386\mf3216.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:56 40960 C:\WINDOWS\system32\dllcache\mf3216.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:56 40960 C:\WINDOWS\system32\mf3216.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll

[1] 2004-08-04 01:56:42 57344 C:\WINDOWS\$NtServicePackUninstall$\msasn1.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 51200 C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll ()

[1] 2002-08-29 06:00:00 51200 C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll ()

[1] 2008-04-13 18:11:58 57344 C:\WINDOWS\ServicePackFiles\i386\msasn1.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:58 57344 C:\WINDOWS\system32\dllcache\msasn1.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:58 57344 C:\WINDOWS\system32\msasn1.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msgina.dll

[1] 2004-08-04 01:56:43 994304 C:\WINDOWS\$NtServicePackUninstall$\msgina.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 968192 C:\WINDOWS\$NtUninstallKB835732$\msgina.dll ()

[1] 2008-04-13 18:11:59 997376 C:\WINDOWS\ServicePackFiles\i386\msgina.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:59 997376 C:\WINDOWS\system32\dllcache\msgina.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:59 997376 C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

[1] 2004-08-04 01:56:43 274432 C:\WINDOWS\$NtServicePackUninstall$\mst120.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 249856 C:\WINDOWS\$NtUninstallKB835732$\mst120.dll ()

[1] 2008-04-13 18:12:00 274432 C:\WINDOWS\ServicePackFiles\i386\mst120.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:00 274432 C:\WINDOWS\system32\dllcache\mst120.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

[1] 2004-08-04 01:56:44 77824 C:\WINDOWS\$NtServicePackUninstall$\nmcom.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 69632 C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll ()

[1] 2008-04-13 18:12:02 77824 C:\WINDOWS\ServicePackFiles\i386\nmcom.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:02 77824 C:\WINDOWS\system32\dllcache\nmcom.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

[1] 2002-08-29 06:00:00 548864 C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll ()

[1] 2005-03-31 14:23:47 848896 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.1_x-ww_d6bd8b93\rtcdll.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:50 991232 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

[1] 2007-04-25 14:32:22 144896 C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 00:58:08 144896 C:\WINDOWS\$hf_mig$\KB960225\SP3QFE\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 02:41:11 147456 C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\schannel.dll (Microsoft Corporation)

[1] 2007-04-25 08:21:15 144896 C:\WINDOWS\$NtServicePackUninstall$\schannel.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 136704 C:\WINDOWS\$NtUninstallKB835732$\schannel.dll ()

[1] 2004-08-04 01:56:44 144896 C:\WINDOWS\$NtUninstallKB935840$\schannel.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:05 144384 C:\WINDOWS\$NtUninstallKB960225$\schannel.dll (Microsoft Corporation)

[1] 2008-12-05 00:54:55 144896 C:\WINDOWS\$NtUninstallKB968389$\schannel.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:05 144384 C:\WINDOWS\ServicePackFiles\i386\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 02:25:26 147456 C:\WINDOWS\system32\dllcache\schannel.dll (Microsoft Corporation)

[1] 2009-06-25 02:25:26 147456 C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)

[2] 2008-12-05 00:54:55 144896 C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP449\A0081991.dll (Microsoft Corporation)

[2] 2008-12-05 00:54:55 144896 C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP449\A0082012.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\dao360.dll

[1] 2004-08-04 01:56:42 561179 C:\WINDOWS\$NtServicePackUninstall$\dao360.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 557128 C:\WINDOWS\$NtUninstallKB837001$\dao360.dll ()

[1] 2008-01-19 05:04:48 554008 C:\WINDOWS\ServicePackFiles\i386\dao360.dll (Microsoft Corporation)

[1] 2008-01-19 05:04:48 554008 C:\WINDOWS\system32\dllcache\dao360.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll

[1] 2004-08-04 01:56:42 380957 C:\WINDOWS\$NtServicePackUninstall$\expsrv.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 380445 C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll ()

[1] 2008-04-13 18:11:53 380445 C:\WINDOWS\ServicePackFiles\i386\expsrv.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 380445 C:\WINDOWS\system32\dllcache\expsrv.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 380445 C:\WINDOWS\system32\expsrv.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll

[1] 2004-08-04 01:56:43 512029 C:\WINDOWS\$NtServicePackUninstall$\msexch40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 512031 C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll ()

[1] 2007-04-02 06:47:43 518944 C:\WINDOWS\ServicePackFiles\i386\msexch40.dll (Microsoft Corporation)

[1] 2007-04-02 06:47:43 518944 C:\WINDOWS\system32\dllcache\msexch40.dll (Microsoft Corporation)

[1] 2007-04-02 06:47:43 518944 C:\WINDOWS\system32\msexch40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll

[1] 2004-08-04 01:56:43 319517 C:\WINDOWS\$NtServicePackUninstall$\msexcl40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 319519 C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll ()

[1] 2007-04-02 06:47:58 326432 C:\WINDOWS\ServicePackFiles\i386\msexcl40.dll (Microsoft Corporation)

[1] 2007-04-02 06:47:58 326432 C:\WINDOWS\system32\dllcache\msexcl40.dll (Microsoft Corporation)

[1] 2007-04-02 06:47:58 326432 C:\WINDOWS\system32\msexcl40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll

[1] 2004-08-04 01:56:43 1507356 C:\WINDOWS\$NtServicePackUninstall$\msjet40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 1503262 C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll ()

[1] 2007-10-22 03:30:50 1516568 C:\WINDOWS\ServicePackFiles\i386\msjet40.dll (Microsoft Corporation)

[1] 2007-10-22 03:30:50 1516568 C:\WINDOWS\system32\dllcache\msjet40.dll (Microsoft Corporation)

[1] 2007-10-22 03:30:50 1516568 C:\WINDOWS\system32\msjet40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll

[1] 2004-03-01 12:52:15 358976 C:\WINDOWS\$NtServicePackUninstall$\msjetol1.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 348195 C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll ()

[1] 2007-04-02 06:49:20 355112 C:\WINDOWS\ServicePackFiles\i386\msjetol1.dll ()

[1] 2007-04-02 06:49:20 355112 C:\WINDOWS\system32\dllcache\msjetol1.dll ()



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll

[2] 2004-03-01 12:52:15 358976 C:\WINDOWS\$NtServicePackUninstall$\msjetol1.dll (Microsoft Corporation)

[1] 2004-03-01 12:52:15 358976 C:\WINDOWS\$NtServicePackUninstall$\msjetoledb40.dll (Microsoft Corporation)

[1] 2002-08-29 13:00:00 348195 C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll ()

[1] 2007-04-02 06:49:20 355112 C:\WINDOWS\system32\msjetoledb40.dll ()



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll

[1] 2004-08-04 01:56:43 151583 C:\WINDOWS\$NtServicePackUninstall$\msjint40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 151626 C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll ()

[1] 2008-04-13 18:12:00 151583 C:\WINDOWS\ServicePackFiles\i386\msjint40.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:00 151583 C:\WINDOWS\system32\dllcache\msjint40.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:00 151583 C:\WINDOWS\system32\msjint40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll

[1] 2004-08-04 01:56:43 53279 C:\WINDOWS\$NtServicePackUninstall$\msjter40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 53322 C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll ()

[1] 2007-04-02 06:49:33 60192 C:\WINDOWS\ServicePackFiles\i386\msjter40.dll (Microsoft Corporation)

[1] 2007-04-02 06:49:33 60192 C:\WINDOWS\system32\dllcache\msjter40.dll (Microsoft Corporation)

[1] 2007-04-02 06:49:33 60192 C:\WINDOWS\system32\msjter40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll

[1] 2004-08-04 01:56:43 241693 C:\WINDOWS\$NtServicePackUninstall$\msjtes40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 241695 C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll ()

[1] 2007-04-02 06:49:37 248608 C:\WINDOWS\ServicePackFiles\i386\msjtes40.dll (Microsoft Corporation)

[1] 2007-04-02 06:49:37 248608 C:\WINDOWS\system32\dllcache\msjtes40.dll (Microsoft Corporation)

[1] 2007-04-02 06:49:37 248608 C:\WINDOWS\system32\msjtes40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll

[1] 2004-08-04 01:56:43 213023 C:\WINDOWS\$NtServicePackUninstall$\msltus40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 213023 C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll ()

[1] 2007-04-02 06:49:50 219936 C:\WINDOWS\ServicePackFiles\i386\msltus40.dll (Microsoft Corporation)

[1] 2007-04-02 06:49:50 219936 C:\WINDOWS\system32\dllcache\msltus40.dll (Microsoft Corporation)

[1] 2007-04-02 06:49:50 219936 C:\WINDOWS\system32\msltus40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll

[1] 2004-08-04 01:56:43 348189 C:\WINDOWS\$NtServicePackUninstall$\mspbde40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 348191 C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll ()

[1] 2007-04-02 06:50:05 355104 C:\WINDOWS\ServicePackFiles\i386\mspbde40.dll (Microsoft Corporation)

[1] 2007-04-02 06:50:05 355104 C:\WINDOWS\system32\dllcache\mspbde40.dll (Microsoft Corporation)

[1] 2007-04-02 06:50:05 355104 C:\WINDOWS\system32\mspbde40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll

[1] 2004-08-04 01:56:43 421919 C:\WINDOWS\$NtServicePackUninstall$\msrd2x40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 421919 C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll ()

[1] 2007-04-02 06:50:26 432928 C:\WINDOWS\ServicePackFiles\i386\msrd2x40.dll (Microsoft Corporation)

[1] 2007-04-02 06:50:26 432928 C:\WINDOWS\system32\dllcache\msrd2x40.dll (Microsoft Corporation)

[1] 2007-04-02 06:50:26 432928 C:\WINDOWS\system32\msrd2x40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll

[1] 2004-08-04 01:56:43 315423 C:\WINDOWS\$NtServicePackUninstall$\msrd3x40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 315466 C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll ()

[1] 2007-04-02 06:50:43 322336 C:\WINDOWS\ServicePackFiles\i386\msrd3x40.dll (Microsoft Corporation)

[1] 2007-04-02 06:50:43 322336 C:\WINDOWS\system32\dllcache\msrd3x40.dll (Microsoft Corporation)

[1] 2007-04-02 06:50:43 322336 C:\WINDOWS\system32\msrd3x40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll

[1] 2004-08-04 01:56:43 552989 C:\WINDOWS\$NtServicePackUninstall$\msrepl40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 552991 C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll ()

[1] 2007-04-02 06:51:05 559904 C:\WINDOWS\ServicePackFiles\i386\msrepl40.dll (Microsoft Corporation)

[1] 2007-04-02 06:51:05 559904 C:\WINDOWS\system32\dllcache\msrepl40.dll (Microsoft Corporation)

[1] 2007-04-02 06:51:05 559904 C:\WINDOWS\system32\msrepl40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll

[1] 2004-08-04 01:56:43 258077 C:\WINDOWS\$NtServicePackUninstall$\mstext40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 253983 C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll ()

[1] 2007-04-02 06:51:27 264992 C:\WINDOWS\ServicePackFiles\i386\mstext40.dll (Microsoft Corporation)

[1] 2007-04-02 06:51:27 264992 C:\WINDOWS\system32\dllcache\mstext40.dll (Microsoft Corporation)

[1] 2007-04-02 06:51:27 264992 C:\WINDOWS\system32\mstext40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll

[1] 2004-08-04 01:56:44 831519 C:\WINDOWS\$NtServicePackUninstall$\mswdat10.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 831562 C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll ()

[1] 2007-04-02 06:51:47 838432 C:\WINDOWS\ServicePackFiles\i386\mswdat10.dll (Microsoft Corporation)

[1] 2007-04-02 06:51:47 838432 C:\WINDOWS\system32\dllcache\mswdat10.dll (Microsoft Corporation)

[1] 2007-04-02 06:51:47 838432 C:\WINDOWS\system32\mswdat10.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll

[1] 2004-08-04 01:56:44 614429 C:\WINDOWS\$NtServicePackUninstall$\mswstr10.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 614474 C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll ()

[1] 2007-04-02 06:51:53 621344 C:\WINDOWS\ServicePackFiles\i386\mswstr10.dll (Microsoft Corporation)

[1] 2007-04-02 06:51:53 621344 C:\WINDOWS\system32\dllcache\mswstr10.dll (Microsoft Corporation)

[1] 2007-04-02 06:51:53 621344 C:\WINDOWS\system32\mswstr10.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll

[1] 2004-08-04 01:56:44 348189 C:\WINDOWS\$NtServicePackUninstall$\msxbde40.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 344095 C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll ()

[1] 2007-04-02 06:52:01 355104 C:\WINDOWS\ServicePackFiles\i386\msxbde40.dll (Microsoft Corporation)

[1] 2007-04-02 06:52:01 355104 C:\WINDOWS\system32\dllcache\msxbde40.dll (Microsoft Corporation)

[1] 2007-04-02 06:52:01 355104 C:\WINDOWS\system32\msxbde40.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll

[1] 2004-08-04 01:56:46 30749 C:\WINDOWS\$NtServicePackUninstall$\vbajet32.dll (Microsoft Corporation)

[1] 2002-08-29 06:00:00 30992 C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll ()

[1] 2008-04-13 18:12:08 30749 C:\WINDOWS\ServicePackFiles\i386\vbajet32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:08 30749 C:\WINDOWS\system32\dllcache\vbajet32.dll (Microsoft Corporation)

[1] 2008-04-13 18:12:08 30749 C:\WINDOWS\system32\vbajet32.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll

[2] 2004-08-04 01:56:29 757248 C:\WINDOWS\$NtServicePackUninstall$\sprb041b.dll (Microsoft Corporation)

[2] 2004-08-04 01:56:30 732160 C:\WINDOWS\$NtServicePackUninstall$\sprb0424.dll (Microsoft Corporation)

[1] 2004-08-04 01:56:36 2897920 C:\WINDOWS\$NtServicePackUninstall$\xpsp2res.dll (Microsoft Corporation)

[1] 2004-03-10 11:59:50 593408 C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll ()

[2] 2008-04-13 12:38:37 757248 C:\WINDOWS\ServicePackFiles\i386\sprb041b.dll (Microsoft Corporation)

[2] 2008-04-13 12:38:36 732160 C:\WINDOWS\ServicePackFiles\i386\sprb0424.dll (Microsoft Corporation)

[1] 2008-04-13 11:39:24 2897920 C:\WINDOWS\ServicePackFiles\i386\xpsp2res.dll (Microsoft Corporation)

[2] 2008-04-13 12:38:37 757248 C:\WINDOWS\system32\dllcache\sprb041b.dll (Microsoft Corporation)

[2] 2008-04-13 12:38:36 732160 C:\WINDOWS\system32\dllcache\sprb0424.dll (Microsoft Corporation)

[1] 2008-04-13 11:39:24 2897920 C:\WINDOWS\system32\dllcache\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 12:38:37 757248 C:\WINDOWS\system32\mui\041b\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 11:39:24 2897920 C:\WINDOWS\system32\mui\041e\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 12:38:36 732160 C:\WINDOWS\system32\mui\0424\xpsp2res.dll (Microsoft Corporation)

[1] 2008-04-13 11:39:24 2897920 C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)



Cannot access: C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx

[1] 2004-08-03 23:51:02 844314 C:\WINDOWS\$NtServicePackUninstall$\msdxm.ocx ()

[1] 2002-08-29 06:00:00 842268 C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx ()

[1] 2004-08-03 23:51:02 844314 C:\WINDOWS\ServicePackFiles\i386\msdxm.ocx ()

[1] 2008-04-13 18:10:08 844314 C:\WINDOWS\system32\dllcache\msdxm.ocx ()

[1] 2008-04-13 18:10:08 844314 C:\WINDOWS\system32\msdxm.ocx ()



Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP41A.tmp\ZAP41A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44D.tmp\ZAP44D.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP52F.tmp\ZAP52F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP555.tmp\ZAP555.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP95.tmp\ZAP95.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M886906\M886906

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe

[1] 2004-08-04 01:56:50 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:21 744448 C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe ()

[1] 2008-04-13 18:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:21 744448 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4f47c78d92d1e7d8afd6488622d909fd\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cadf7c8240793a561791dc3bd3e91a5e\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 01:56:42 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 56320 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 18:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^



Finished!

Attached Files


Edited by Sei, 23 September 2009 - 11:56 PM.


BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:58 AM

Posted 24 September 2009 - 03:52 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Sei

Sei
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 24 September 2009 - 07:45 PM

Thanks for your reply! I booted up normally and it seems everything is ok, but when I try to run things like MBAM it still crashed so I know the problem didn't just disappear overnight as much as I would have liked it to lol. Anyways, I've attached the ComboFix log, and will paste it here as well. After the scan I shut off my computer and haven't turned it on since.

ComboFix 09-09-23.02 - Serie 09/24/2009 18:14.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1009 [GMT -6:00]
Running from: c:\documents and settings\Serie\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: F-Secure Client Security 7.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_NIM4711.TMP
c:\documents and settings\Serie\Application Data\inst.exe
c:\documents and settings\Serie\My Documents\cc_20081107_063207_registryNov072008.reg
c:\documents and settings\Serie\My Documents\cc_20081116_232233_registryNov162008.reg
c:\recycler\S-1-5-21-3523993061-775311243-3534968853-1003
c:\recycler\S-1-5-21-3523993061-775311243-3534968853-1006
c:\recycler\S-1-5-21-3523993061-775311243-3534968853-1007
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Downloaded Program Files\setup.dll
c:\windows\Installer\167a9f9.msp
c:\windows\Installer\167aa35.msp
c:\windows\Installer\1f0274a.msi
c:\windows\Installer\241a632c.msi
c:\windows\Installer\27d71c75.msi
c:\windows\Installer\3b72fcd.msp
c:\windows\Installer\40688615.msi
c:\windows\Installer\49886.msi
c:\windows\Installer\5507c739.msi
c:\windows\Installer\5507c73f.msi
c:\windows\Installer\62fd9c1d.msp
c:\windows\Installer\6b630.msi
c:\windows\Installer\8708a.msi
c:\windows\Installer\fddae6a.msi
c:\windows\neoqaz2.dll
c:\windows\run.log
c:\windows\system32\7039160.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\net.net
c:\windows\system32\ps2.bat
c:\windows\system32\xa.tmp
D:\Autorun.inf

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-24 04:54 . 2009-09-24 04:54 -------- d-----w- c:\program files\ERUNT
2009-09-24 03:50 . 2009-09-24 23:37 0 ----a-r- c:\windows\win32k.sys
2009-09-24 03:02 . 2009-09-24 03:02 -------- d-----w- C:\_OTM
2009-09-09 05:30 . 2009-09-09 05:30 -------- d-----w- c:\program files\VST
2009-08-28 23:27 . 2009-08-28 23:27 152576 ----a-w- c:\documents and settings\Serie\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 00:21 . 2006-01-06 16:06 336 ----a-w- c:\windows\system32\tablet.dat
2009-09-24 23:48 . 2008-06-21 00:03 -------- d-----w- c:\documents and settings\Serie\Application Data\U3
2009-09-24 03:24 . 2009-03-31 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 03:04 . 2003-12-07 14:10 -------- d-----w- c:\program files\mIRC
2009-09-24 03:00 . 2008-06-20 23:53 -------- d-----w- c:\documents and settings\Serie\Application Data\Azureus
2009-09-23 22:13 . 2009-08-09 03:13 -------- d-----w- c:\program files\FlashGet
2009-09-18 01:58 . 2008-04-17 16:23 -------- d-----w- c:\program files\Rappelz
2009-09-14 12:57 . 2009-04-13 06:39 -------- d-----w- c:\documents and settings\Serie\Application Data\FileZilla
2009-09-13 16:02 . 2008-04-28 23:54 -------- d-----w- c:\program files\PaintTool SAI English Pack
2009-09-10 20:54 . 2009-03-31 04:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 20:53 . 2009-03-31 04:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 05:31 . 2006-06-13 23:13 -------- d-----w- c:\program files\Acoustica Mixcraft
2009-09-09 05:31 . 2006-06-13 22:18 -------- d-----w- c:\program files\Acoustica Shared Effects
2009-09-06 05:43 . 2008-12-16 06:43 -------- d-----w- c:\program files\Comiket
2009-08-28 23:37 . 2003-12-03 01:12 -------- d-----w- c:\program files\Java
2009-08-28 23:32 . 2004-04-23 04:30 -------- d-----w- c:\program files\Azureus
2009-08-19 16:11 . 2003-09-18 03:21 -------- d-----w- c:\program files\Winamp
2009-08-19 00:54 . 2006-07-05 06:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-15 14:27 . 2008-06-21 00:22 82216 ----a-w- c:\documents and settings\Serie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 04:41 . 2009-08-01 16:40 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-08 14:04 . 2009-08-08 14:04 -------- d-----w- c:\documents and settings\Serie\Application Data\Acoustica
2009-08-08 14:02 . 2009-08-08 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-08-08 14:01 . 2009-08-08 14:01 -------- d-----w- c:\program files\Acoustica Mixcraft 4
2009-08-05 09:01 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 16:44 . 2008-06-21 00:04 -------- d-----w- c:\documents and settings\Serie\Application Data\Skype
2009-08-01 16:41 . 2009-01-10 01:25 -------- d-----w- c:\documents and settings\Serie\Application Data\skypePM
2009-08-01 16:41 . 2009-08-01 16:41 -------- d-----w- c:\program files\Common Files\Skype
2009-08-01 16:41 . 2009-08-01 16:40 -------- d-----r- c:\program files\Skype
2009-08-01 16:40 . 2006-07-23 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-01 16:40 . 2009-08-01 16:40 -------- d-----w- c:\program files\DVDVideoSoft
2009-08-01 16:39 . 2009-08-01 16:34 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-01 16:39 . 2009-08-01 16:34 -------- d-----w- c:\program files\AVS4YOU
2009-08-01 16:36 . 2009-08-01 16:36 -------- d-----w- c:\documents and settings\Serie\Application Data\AVS4YOU
2009-08-01 16:36 . 2009-08-01 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-07-31 14:27 . 2008-07-09 23:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 14:27 . 2008-07-09 23:23 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 14:27 . 2007-10-03 05:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-30 03:48 . 2008-08-02 03:49 -------- d-----w- c:\documents and settings\Serie\Application Data\ComicMarketCatalogBrowser
2009-07-29 04:15 . 2009-02-19 03:31 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-29 04:15 . 2009-02-19 03:28 -------- d-----w- c:\program files\Nokia
2009-07-29 04:12 . 2009-02-19 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-25 11:23 . 2009-02-12 05:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 00:38 . 2009-07-20 00:38 20286 ----a-w- C:\cc_20090719_183847.reg
2009-07-17 19:01 . 2003-06-05 00:40 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 05:43 . 2004-09-23 00:46 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2005-02-18 22:19 915456 ----a-w- c:\windows\system32\wininet.dll
2007-05-12 03:17 . 2007-05-12 03:04 4788 ----a-w- c:\program files\serie.php
2007-04-10 14:48 . 2007-04-10 14:48 1579 ----a-w- c:\program files\index.php
2003-09-14 03:46 . 2003-09-14 03:45 197712 -c--a-w- c:\program files\Uninst.isu
2002-09-20 03:28 . 2006-12-24 08:28 9660 -c--a-w- c:\program files\help.htm
2002-07-31 16:28 . 2006-12-24 08:28 239224 -c--a-w- c:\program files\unicows.dll
2001-08-23 23:25 . 2006-12-24 08:28 1706800 -c--a-w- c:\program files\gdiplus.dll
1998-06-11 22:13 . 2003-09-14 03:45 0 -c--a-w- c:\program files\stats.txt
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@@desktop.dat
2006-10-02 03:21 . 2006-10-02 03:21 0 -csha-w- c:\windows\SMINST\HPCD.sys
2006-05-03 09:06 . 2009-06-28 06:19 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-06-28 06:19 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-06-28 06:19 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-08-08 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-29 1828136]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-04-23 180269]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-06 282624]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-18 2022680]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Serie\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-20 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
PowerReg Scheduler.exe [2003-9-30 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-20 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-20 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-7-7 49220]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-1-6 114688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 19:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-07 03:16 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 14:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.IVAN^Start Menu^Programs^Startup^ef ????.lnk]
path=c:\documents and settings\Owner.IVAN\Start Menu\Programs\Startup\ef ????.lnk
backup=c:\windows\pss\ef ????.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Serie^Start Menu^Programs^Startup^spamsubtract.lnk]
backup=c:\windows\pss\spamsubtract.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Serie^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\OroBaduk\\OrO20.exe"=
"c:\\sysreset\\mirc.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Share\\Share.exe"=
"c:\\Program Files\\Trickster Online\\Splash.exe"=
"c:\\Starcraft\\SCXE Start.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\SoftImage\\XSI_7.0\\Application\\bin\\XSI.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Persona\\Persona.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Acoustica Mixcraft\\Mixcraft4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7/9/2008 5:23 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/9/2008 5:23 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/9/2008 5:23 PM 108552]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [4/23/2007 5:03 AM 82200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/7/2009 3:14 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/7/2009 3:14 PM 297752]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [12/31/2008 2:12 PM 693512]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/27/2008 8:26 PM 24652]
R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2/7/2009 2:26 PM 7936]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [5/28/2009 7:32 AM 108032]
S0 aoksy;aoksy;c:\windows\system32\drivers\icvtdxwx.sys --> c:\windows\system32\drivers\icvtdxwx.sys [?]
S0 behqftnx;behqftnx;c:\windows\system32\drivers\tawljuuz.sys --> c:\windows\system32\drivers\tawljuuz.sys [?]
S2 mrtRate;mrtRate; [x]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [6/28/2009 11:00 AM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [6/28/2009 11:00 AM 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 11:31 AM 42000]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [12/31/2008 2:12 PM 910600]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
LSP: SpSubLSP.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Serie\Application Data\Mozilla\Firefox\Profiles\default.mx5\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-net - c:\windows\system32\net.net
HKLM-Run-realtekc - (no file)
AddRemove-PaintToolSAI - y:\painttool sai english pack\uninst.exe
AddRemove-?????-LilianFourhand- - y:\games\French Bread\Lilian Fourhand\?????-LilianFourhand-\UnInst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 18:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Softex\OmniPass\opxpgina.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(5064)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Softex\OmniPass\omniServ.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\spm\spmdib.exe
c:\windows\system32\Tablet.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-09-25 18:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-25 00:35

Pre-Run: 11,431,886,848 bytes free
Post-Run: 11,364,503,552 bytes free

364 --- E O F --- 2009-09-12 06:12

Attached Files



#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:58 AM

Posted 25 September 2009 - 07:28 AM

Copy Win32kDiag.exe to your desktop.
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.



==================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Sei

Sei
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 25 September 2009 - 08:37 AM

I've found that my computer seems to boot up much faster now! That's certainly a plus. I've also noticed that it seems to boot up a lot faster now (provided I don't have any external storage connected or it just hangs forever. Is there any way to fix this?). That aside, it seems like autorun has been disabled for everything as when I put in my USB or turn on my external drive they no longer autorun. Is there any way to enable it for specific things only?

Everything looks pretty good so far from my standpoint, I ran both of those scans and here are the logs:

Running from: C:\Documents and Settings\Serie\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Serie\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Cannot access: C:\WINDOWS\$NtUninstallKB824141$\user32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB824141$\user32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB824141$\win32k.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB824141$\win32k.sys

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\hh.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\hh.exe

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\html32.cnv

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\html32.cnv

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\locator.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\locator.exe

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\magnify.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\magnify.exe

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\narrator.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\narrator.exe

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\newdev.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\newdev.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\osk.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\osk.exe

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\shell32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\shell32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\srv.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\srv.sys

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\user32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\user32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\win32k.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\win32k.sys

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826942$\ndis.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\ndis.sys

Cannot access: C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys

Cannot access: C:\WINDOWS\$NtUninstallKB826942$\netshell.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\netshell.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll

Cannot access: C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\es.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\es.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\ole32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\ole32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll

Cannot access: C:\WINDOWS\$NtUninstallKB828741$\txflog.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB828741$\txflog.dll

Cannot access: C:\WINDOWS\$NtUninstallKB833987$\sxs.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB833987$\sxs.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835409$\srrstr.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835409$\srrstr.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\callcont.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\callcont.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323.tsp

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\h323.tsp

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\msgina.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\msgina.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

Cannot access: C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\dao360.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\dao360.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll

Cannot access: C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll

Cannot access: C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll

Cannot access: C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx

Attempting to restore permissions of : C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP41A.tmp\ZAP41A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP41A.tmp\ZAP41A.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44D.tmp\ZAP44D.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44D.tmp\ZAP44D.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP52F.tmp\ZAP52F.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP52F.tmp\ZAP52F.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP555.tmp\ZAP555.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP555.tmp\ZAP555.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP95.tmp\ZAP95.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP95.tmp\ZAP95.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M886906\M886906

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M886906\M886906

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Minidump\Minidump

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\mui\mui

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\ErrorRep\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\ErrorRep\UserDumps\UserDumps

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\setup.pss\setup.pss

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4f47c78d92d1e7d8afd6488622d909fd\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4f47c78d92d1e7d8afd6488622d909fd\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cadf7c8240793a561791dc3bd3e91a5e\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cadf7c8240793a561791dc3bd3e91a5e\backup\backup

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Cannot access: C:\WINDOWS\system32\hkcmd.exe

Attempting to restore permissions of : C:\WINDOWS\system32\hkcmd.exe

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2



Finished!

-----------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 2858
Windows 5.1.2600 Service Pack 3

9/25/2009 7:29:13 AM
mbam-log-2009-09-25 (07-29-13).txt

Scan type: Quick Scan
Objects scanned: 126314
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

Attached Files



#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:58 AM

Posted 25 September 2009 - 06:20 PM

Check this link for info on enabling autorun on any of your external drives.
http://www.moonvalley.com/products/rwavdc/enable.htm


We need to scan the system with this special tool.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Sei

Sei
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 25 September 2009 - 07:27 PM

Here's the log from Junction:


Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\8d6875817d6a9991318cd66142b9\update: Access is denied.


.
Failed to open \\?\c:\\Documents and Settings\Owner: Access is denied.


..

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...


Failed to open \\?\c:\\e117fc478a32342712d1\update: Access is denied.



Failed to open \\?\c:\\f45375dfa5e362eada92ea10b3\msxml4-KB927978-enu.log: Access is denied.


...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

..
Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\0\MystikMedia.dll: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\1\LTCML13n.dll: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\2\AffCreatorDLL.dll: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\3\AA-MP3.exe: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\4\AA-MP3.chm: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\5\lame_enc.dll: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\5\NCTAudioFile2.dll: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\5\NCTAudioInformation2.dll: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\5\NCTWMAFile2.dll: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\5\NCTWMAProfiles.prx: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\5\wavdest.ax: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\6\MSCOMCTL.OCX: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\offline\6\msvcr70.dll: Access is denied.



Failed to open \\?\c:\\Program Files\Common Files\MimarSinan\Installation Information\{1732136D-C4D6-4722-A725-8962F105371C}\{ECBD6175-2D5C-4A00-A093-73BB8E7E6AC5}\Redist\MS\System\comdlg32.ocx: Access is denied.


.

...

...

...

...

...

...

...

...


Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{18DF995F-2ACC-47E4-A33B-A703F4D39E92}\setup.ilg: Access is denied.



Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.ilg: Access is denied.



Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{1EC4CE9D-EAEE-4DA1-AB8D-9E6B7FED6742}\setup.ilg: Access is denied.



Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}\setup.ilg: Access is denied.



Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\setup.ilg: Access is denied.



Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{8343C3DD-094B-11D4-B97E-0008C7212DD9}\setup.ilg: Access is denied.



Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{BD73E31E-4170-47A6-9D4E-7ADADAA47961}\setup.ilg: Access is denied.



Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{C0608AE3-FAFD-4702-A79C-67CC6A2F71B7}\setup.ilg: Access is denied.


...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

.
Failed to open \\?\c:\\System Volume Information\MountPointManagerRemoteDatabase: Access is denied.


..

...

...

...

...

...

\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

.\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

..

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

..

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:58 AM

Posted 26 September 2009 - 12:55 PM

How is your computer behaving?

Are you able to access this folder: c:\Documents and Settings\Owner
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Sei

Sei
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 26 September 2009 - 06:06 PM

Everything seems to be fine. I believe the c:\Documents and Settings\Owner was the old profile. At one point my user profiles seem to disappear at login for some reason so I created a new admin account and use that one now. I haven't been able to get rid of the old Owner profile, but it doesn't show up in the user list either. When I go into safe-mode it shows my account to login to as well as Administrator, but no other users. Do you think there's anything wrong with that?

I've attached a picture of that folder just in case. I can access all of the folders except for Owner, which just comes up as access denied. The account I use is Serie.

Either way, everything else seems to be working just fine, in fact it seems everything's moving along much faster than before even. Thanks a ton for your help, and let me know if you have any other suggestions!

Attached Files


Edited by Sei, 26 September 2009 - 06:11 PM.


#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:58 AM

Posted 27 September 2009 - 12:14 PM

As long as you're not short on space and everything is operating smoothly I wouldn't be concerned about it.
Here are some final steps and then some recommendations for you.


We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :(
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Sei

Sei
  • Topic Starter

  • Members
  • 114 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 27 September 2009 - 01:51 PM

Thank you very much for all your support! I've sent a small donation in appreciation, and hope that you'll continue to provide this invaluable help to everyone who needs it :(

Edited by Sei, 27 September 2009 - 01:53 PM.


#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:58 AM

Posted 28 September 2009 - 06:46 AM

Thank you very much for the donation! It's very much appreciated! :(

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users