Anti-Malware programs will not run

Question

Turkagent 0 Newbie Poster

15 Years Ago

So first let me show a screenshot.

http://i239.photobucket.com/albums/ff65/Monosuke/HELPFFS.jpg

As you see on the left side it is placing porn on my desktop somehow. Not quite sure how. Also I got get of police pro just now. I couldn't find it in my registry when i follow the instructions located here:

http://www.softsailor.com/how-to/6793-how-to-remove-windows-police-pro-virus-windows-police-pro-virus-removal.html

Now I am a relative novice as far as computers go so here I go.

When I used combo-fix this is the .txt file that was updated so I think this is the right thing:

32788R22FWJFW\PEV.exe UZIP 32788R22FWJFW\License\pv_5_2_2.zip 32788R22FWJFW\ 

32788R22FWJFW\PV.exe -kf *.pif 
  Killing '*.pif'
pv: No matching processes found

MOVE /Y 32788R22FWJFW\PV.exe 32788R22FWJFW\PV.cfexe 

32788R22FWJFW\PV.cfexe -kf *.pif 
  Killing '*.pif'
"C:\32788R22FWJFW\n.pif" cmdwait 2500 exec hide "~$folder.system$\cmd.execf" /c 32788R22FWJFW\prep.cmd (4936)

PUSHD "C:\32788R22FWJFW" 

IF NOT EXIST pev.cfexe COPY /Y pev.exe pev.cfexe 
        1 file(s) copied.

IF NOT EXIST NircmdB.exe COPY /Y Nircmd.cfexe NircmdB.exe 
        1 file(s) copied.

SET "Comspec=C:\WINDOWS\system32\cmd.execf" 

IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT 

IF EXIST OsVer EXIT

VER  1>OsVer 

GREP.cfexe -F "5.2." OsVer 

IF 1 == 0 GOTO Not_NT 

GREP.cfexe -F "5.1.2" OsVer  1>XP.mac 

IF 0 == 0 GOTO NT 

GREP.cfexe -isq "ProductType.*WinNT" WinNT00   || GOTO Not_NT 

SED.CFEXE "/^PATH=/I!d; s///; s/\x22//g" Oripath  1>OriPath00 

PEV.EXE -rtf -s+901 .\OriPath00   && (
SED.CFEXE -r "s/\x22//g; s/(.{900}).*/\1/; s/;[^;]*$//" OriPath00  1>OriPath01  
 FOR /F "TOKENS=*" %G IN (OriPath01) DO @SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G" 
) 

IF NOT EXIST OriPath01 FOR /F "TOKENS=*" %G IN (OriPath00) DO SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G" 

SET "PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem" 
  Killing 'runonce.exe'
  Killing 'grpconv.exe'
  Killing 'procmon.exe'
pv: No matching processes found

PEV -rtf --c:##5# .\* and { License.exe or 32788R22FWJFW.exe or OsVer.exe or WinNT.exe or N_.exe }   1>temp00  && (
PV -o%f *  1>temp01  
 PEV -tf -t!o --files:temp01 --c:##5#b#f#  1>temp02  
 GREP -Fif temp00 temp02  1>temp03  
 SED "/.*   /!d; s///" temp03  1>temp04  
 SED  ":a; $!N; s/\n/\x22 \x22/; ta; s/.*/\x22&\x22/" temp04  1>temp05  
 FOR /F "TOKENS=*" %G IN (temp05) DO @NIRCMD KILLPROCESS %G 
) 

CALL :MDCheck 
Could Not Find C:\32788R22FWJFW\md5sum00.pif

PEV -rtf -md53A36F2E3123203B4DD38D95B03356EEB .\md5sum.pif   || CALL :MDFaiL ChkSum_Fail 
.\md5sum.pif

PEV -tf --files:files.pif --c:##5#b#f#  1>mdCheck00.dat 

GREP -vs "^!MD5:" mdCheck00.dat  1>mdCheck0a.dat 

GREP -Fvf md5sum.pif mdCheck0a.dat   1>mdCheck01.dat  && CALL :MDFaiL 

GOTO :EOF 

=============================================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robby\Application Data
CFLDR=32788R22FWJFW
Chksum=3A36F2E3123203B4DD38D95B03356EEB
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROB
ComSpec=C:\WINDOWS\system32\cmd.execf
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robby
KMD=CF4194.exe
LOGONSERVER=\\ROB
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.CFEXE;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$
Qrntn=C:\Qoobox\Quarantine
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RKEY_=hklm\software\microsoft\windows nt\currentversion\windows
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\Robby\Desktop\combo-fix.exe" 
sfxname=C:\Documents and Settings\Robby\Desktop\combo-fix.exe
SYSTEM=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Robby\LOCALS~1\Temp
TMP=C:\DOCUME~1\Robby\LOCALS~1\Temp
USERDOMAIN=ROB
USERNAME=Robby
USERPROFILE=C:\Documents and Settings\Robby
windir=C:\WINDOWS

=============================================


IF NOT DEFINED sfxname GOTO END 

GREP -F \ temp01   && CALL :Aux 

ATTRIB.EXE +R "C:\Documents and Settings\Robby\Desktop\combo-fix.exe" 

GREP -Fi "C:\WINDOWS\system32\userinit.exe" Userinit00   || (SWREG ADD "hklm\software\microsoft\windows nt\currentversion\winlogon" /v Userinit /d "C:\WINDOWS\system32\userinit.exe," ) 
   Userinit REG_SZ          C:\WINDOWS\system32\userinit.exe,

CALL LANG.bat

I am still attempting as I write this to get HiJackthis to work. I'm not sure why it isn't opening. I went to the intial HJACKTHIS file and it will not open and tells me I don't have the correct permissions, so I deleted it and redownloaded it.

Okay so I got it reinstalled started to run it then it closed on me after I clicked run+save log. Lasted all of 5-7 seconds. I attempted to reopen it and it gave me a permissions blurb again.

windows-virus

Edited 11 Years Ago by mike_2000_17 because: Fixed formatting

3 Contributors
29 Replies
259 Views
3 Days Discussion Span
Latest Post 15 Years Ago Latest Post by PhilliePhan

jholland1964 650 Posting Expert

15 Years Ago

Hi and welcome to daniweb,
First of all looking at your attachment I am sorry but I don't see where you mean there is porn on the desk top. It is too small to see something other than icons on the left side.

Next,you shouldn't have used combofix without first being instructed to do so. That website you linked to didn't mention combofix that I could see. Don't run combofix again unless first instructed to do so. That is very often a LAST RESORT, not a first step.

These were instructions that site uses to remove one specific infection, at this point we don't know that is what you have.

The combofix log is incomplete or very likely not even a combofix log so I cannot say what was done or not done by using this program. There is never a reason that the combofix log would be "updated" that is why I am not really certain that you actually ran combofix. Where did you get it?

Can you open the log again, you should be able to find it in C:\ComboFix.txt. and make sure Word wrap is NOT on. Copy paste the ENTIRE log here, maybe I can figure out what was done. We have no idea of your operating system, your anti-virus program, what other steps you took to attempt to remove what for now is only known as an unknown infection.

EDIT: Just look through that log you posted I don't believe that the program you ran actually was combofix. I believe it was a fake one. The real combofix is all one word, the one you ran seems to have been spelled combo-fix...which is known malicious software....Unless YOU personally changed the name of the file, did you?

Edited 15 Years Ago by jholland1964 because: n/a

jholland1964 650 Posting Expert

15 Years Ago

It was originally combofix but for some reason It wouldn't run so someone on another forum suggested I just modify it to work.
Alright, Any suggestion on what I should do then to get hjackthis working?
The log I posted seems to be Superantispyware. It is the only other thing I ran today. Unfortunately it closes in the middle of it and won't complete the scan.

Since you have posted at another forum it is advisable that you continue there. Advice could conflict if taking steps from two different forums.

Edited 15 Years Ago by jholland1964 because: n/a

jholland1964 650 Posting Expert

15 Years Ago

Honestly, I have no idea why you ran combofix. I have no idea what you have run. You said the log you posted was SAS but that doesn't appear to be an SAS log, or one that I have seen before.
You have not given any information on your OS, your AV program, what steps you have taken except to run combofix which nobody here would tell you to do until much later. This obviously was an OLD version of combofix if you received info on it months ago at another forum. I don't really know how I can help you if you are not totally forthcoming with information and you have not been. I see nothing about porn in the attachment you posted. It just appears to be a desktop print screen of this web site.

jholland1964 650 Posting Expert

15 Years Ago

And I have clearly stated I need information about your computer in general, what is your operating system, what anti-virus program are you running? What other tools have you run? You have not told me this. I realize this is frustrating but I can't offer help unless I know all of the above. Some tools do not run on all operating systems. Some tools do not operate with OTHER security programs. I need to know this. HiJackThis is ONLY a scanner NOT a fixer program so at this point that is not needed.

jholland1964 650 Posting Expert

15 Years Ago

Ok, I will tell you, just from your print screens and your comments I honestly thought you were running Vista.
Now you can try these steps. I will say first that I don't know if any of them will work since you have all ready run an old version, I think anyway, of combofix. This is a tool which should never be kept on the computer after a problem is solved so if you used an old version you all ready had on there it is very possible that this has compromised much of what is needed to do. Just the fact that you used it without direction can actually compromise things but we will put that aside for now.
I want you to try these steps.
Windows Police Pro can disable the ability to use your Windows Task Manager. To fix this, please download the following file to your desktop.
Fixtm.reg
Once the file is downloaded, double-click on it and select Yes when it asks if you want to merge the data into your Registry. Once that is completed you should be able to use the Windows Task Manager.
You must end the two processes associated with Windows Police Pro as they do not allow you to run any applications
that we will need to remove this program. To do this we need to launch the Windows Task Manager by right-clicking on the time in the Windows task bar and then selecting Task Manager.
When Windows Task Manager opens please click the Processes Tab
You will now be at a screen that shows the running processes on your computer. First put a checkmark in the checkbox labeled Show processes from all users
Then scroll through the list till you see the process called Windows Police Pro.exe and left-click on it once so it becomes highlighted. Then click on the End Process button.
When you click on the End Process button, Task Manager will ask you to confirm if you are sure you want to terminate it, click YES
After you have ended the Windows Police Pro.exe process, scroll through the list of processes until you find the svchast.exe or svchasts.exe processes. Then end this process as well by clicking on the End Process button and confirming that you want to end it. Please note that in Windows there is a legitimate program called svchost.exe, so please be careful to only end the process that is spelled svchast.exe.

When those two Windows Police Pro processes are terminated, we need to fix one last thing so that you are able to run Windows programs. To do this, please download the following file to your desktop.
FixExe.reg
Once the file is downloaded, double-click on it and select Yes when it asks if you want to merge the data into your Registry. Once that is completed HOPEFULLY you should be able to run programs again.

If all went ok...I am keeping my fingers crossed here...
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Now I know you said you had HiJackThis on the computer. I would like you to Uninstall that one and download a new one from HERE

Run a Full System Scan and Save the log.
Post back here with the MBA-M log and the HJT log.
Judy

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Turkagent 0 Newbie Poster · Answer 1 · 2009-09-08T03:29:16+00:00

It was originally combofix but for some reason It wouldn't run so someone on another forum suggested I just modify it to work.

Alright, Any suggestion on what I should do then to get hjackthis working?

The log I posted seems to be Superantispyware. It is the only other thing I ran today. Unfortunately it closes in the middle of it and won't complete the scan.

Turkagent 0 Newbie Poster · Answer 2 · 2009-09-08T03:52:19+00:00

Maybe I misspoke myself. I did not post this particular issue I posted an issue I was having with a program called "iexplorer" around 5 months ago. It no longer is an issue and I have subsequently forgotten what that website is. :|

This is a different issue.

Turkagent 0 Newbie Poster · Answer 3 · 2009-09-08T04:30:57+00:00

-.-

Perhaps I did make it clear that I could not post anything becuase as soon as I try to run HjackTHIS it shuts it down and then tells me I don't have the proper permission.

Alright, Any suggestion on what I should do then to get hjackthis working?

-.-

Additionally I keep having a pop-up that tells me windows firewall has blocked some features but can't do anything about Trojan's already on my computer. You know what, I'll just post another picture. -.-

http://img297.imageshack.us/img297/3143/scunt.jpg

When I exit out them it takes me to this site: http://join2672.billmyccagain.com/signup.cgi?ver=3&aff=1241

EDIT -

Not forth coming? As if I am trying to hide information from people I need help from? I have clearly state that I need help getting HjackTHIS to run so I can post specifics.

Turkagent 0 Newbie Poster · Answer 4 · 2009-09-08T05:01:26+00:00

Operating System: Microsoft windows XP Professional(5.1, Build 2600)

I had my windows Firewall disabled and had AVG running. Recently AVG stopped working correctly in that I could not get rid of malware that it picked up. It would tell me that that virus vault was full or something of that manner. I tried to figure out how to empty it but I couldn't figure it out. Anyhow, I have enable the standard firewall for windows and AVG is running.

I have tried running Superantispyware but something is not allowing it to finish so it keeps closing halfway through.

I tried running combo-fix becuase I remember in the past someone had me run that and it helped my problem. So I guess I was just using a tool of which I had no idea it's use.

http://img268.imageshack.us/img268/4269/rightv.jpg
^Picture for clarification.

Turkagent 0 Newbie Poster · Answer 5 · 2009-09-08T06:36:05+00:00

Alright I followed your instructions up to the point where I downloaded the program Malwarebytes' Anti-Malware. I downloaded it and when I attempt to open it I have issues. It shows up in my process list however it will not go any further.

http://img180.imageshack.us/img180/8623/round2.jpg

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 6 · 2009-09-08T06:57:22+00:00

Please navigate to the MBAM folder located in the Program Files directory.

Locate MBAM.exe and rename it to winlogon.exe

Once renamed double click on the file to open MBAM and then see if you can run it.

Turkagent 0 Newbie Poster · Answer 7 · 2009-09-08T07:04:30+00:00

I'm sorry to say that I have no idea what you mean by Program Files directory... If this is referring to my program files directory then it isn't there becuase I haven't been able to install it. I have only downloaded the program and attempted to open it(which its still not open yet).

So yeah, I don't know what you're getting at. :|

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 8 · 2009-09-08T07:23:31+00:00

If it shows in Processes then it is running stop the process and then try renaming the install file on your desktop and try again.
You have two processes showing there....
a.exe and b.exe
Stop both of those I believe they are infection files.

Turkagent 0 Newbie Poster · Answer 9 · 2009-09-08T08:22:33+00:00

Alright I got it installed, although it took a very long time. I closed down those processes although they came back and I subsequently shut them down again.

Now the problem is even though I installed it it won't open. It goes into the process tray, stays there for 15-20 minutes then closes.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 10 · 2009-09-08T09:09:04+00:00

Ok, you are going to have to do the following:

First of all, look in Scheduled Tasks. See if there are any odd ones or ones you did not add yourself. These would be ones which say, run every minute or multiple times or continue...plus with odd names. If you find any Delete them.
Then do the following:
Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
Restart your computer (very important).
Download and run this utility. mbam-clean.exe
It will ask to restart your computer (please allow it to).
After the computer restarts, Temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

Again try renaming it if it does not install. Let me know what happens. One thing that really puts all this at a disadvantage is that you ran that combofix. We have absolutely NO idea what was done by that program because you never did post a log for it. So I am virtually "flying blind" here and I am going to be totally honest, I don't know that any of this will work. But I am trying to find a solution for you.

You never said, when you got the warning from the Windows Firewall DID you attempt to have the firewall BLOCK the program or not? You should.

Turkagent 0 Newbie Poster · Answer 11 · 2009-09-08T11:21:25+00:00

Followed your instructions same result. It is installed but it won't open. As far as blocking, I don't have the option to block. I think all the pop-ups are fake alerts becuase I don't have that option. They only give me the option of canceling or enabling protection which leads me to a site that tries to sell me software.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 12 · 2009-09-08T20:59:43+00:00

Can you try in Safe Mode? MBA-M doesn't fully work in Safe Mode but it may get some things if it is able to run.

Turkagent 0 Newbie Poster · Answer 13 · 2009-09-09T10:05:15+00:00

Turkagent 0 Newbie Poster

15 Years Ago

NOpe still doesn't work in safe mode...

PhilliePhan 171 Central Scrutinizer Team Colleague · Answer 14 · 2009-09-09T10:09:03+00:00

NOpe still doesn't work in safe mode...

While Judy is away, let's have a look at something:

Please download FindIt.zip and Extract the FindIt folder to your desktop.
-- Inside the folder, you'll see RunThis.bat - DoubleClick it and let it run. (10-20 seconds)
A log should pop up - please post that for me.

PP :)

Turkagent 0 Newbie Poster · Answer 15 · 2009-09-10T07:43:22+00:00

Looking for cngaudit.dll

No matches found.

Looking for eventlog.dll

C:\WINDOWS\$NTSER~3\
eventlog.dll Tue Feb 28 2006 5:00:00a ..... 55,808 54.50 K

C:\WINDOWS\SYSTEM32\
eventlog.dll Sun Apr 13 2008 5:11:54p A.... 61,952 60.50 K

C:\WINDOWS\SERVIC~1\I386\
eventlog.dll Sun Apr 13 2008 5:11:54p ..... 56,320 55.00 K

3 items found: 3 files, 0 directories.
Total of file sizes: 174,080 bytes 170.00 K

Looking for logevent.dll

C:\WINDOWS\SYSTEM32\
logevent.dll Sun Apr 13 2008 5:11:54p A.... 56,320 55.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 56,320 bytes 55.00 K

Looking for netlogon.dll

C:\WINDOWS\$NTSER~3\
netlogon.dll Tue Feb 28 2006 5:00:00a ..... 407,040 397.50 K

C:\WINDOWS\SYSTEM32\
netlogon.dll Sun Apr 13 2008 5:12:02p A.... 407,040 397.50 K

C:\WINDOWS\SERVIC~1\I386\
netlogon.dll Sun Apr 13 2008 5:12:02p ..... 407,040 397.50 K

3 items found: 3 files, 0 directories.
Total of file sizes: 1,221,120 bytes 1.16 M

Looking for scecli.dll

C:\WINDOWS\$NTSER~3\
scecli.dll Tue Feb 28 2006 5:00:00a ..... 180,224 176.00 K

C:\WINDOWS\SYSTEM32\
scecli.dll Sun Apr 13 2008 5:12:06p A.... 181,248 177.00 K

C:\WINDOWS\SERVIC~1\I386\
scecli.dll Sun Apr 13 2008 5:12:06p ..... 181,248 177.00 K

3 items found: 3 files, 0 directories.
Total of file sizes: 542,720 bytes 530.00 K

That came up. For the record it took around 40-60 seconds, if that matters.

PhilliePhan 171 Central Scrutinizer Team Colleague · Answer 16 · 2009-09-10T08:11:41+00:00

That came up. For the record it took around 40-60 seconds, if that matters.

Not really - I just based that on what it took on my compy :)

OK - We need to do this:

Please Download Win32kDiag and save it to your Desktop. Leave it for now.
• http://ad13.geekstogo.com/Win32kDiag.exe
• http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe

Please Download The Avenger v2 by Swandog46
http://swandog46.geekstogo.com/avenger.zip

-- Extract Avenger.exe from the ZIP to your Desktop
-- Highlight the complete text in Red below and copy it using Ctrl+C or RightClick > Copy:

Files to move:
C:\WINDOWS\SYSTEM32\logevent.dll | C:\WINDOWS\SYSTEM32\eventlog.dll

-- Now, DoubleClick avenger.exe on your desktop to run it
-- Read the Warning Prompt and press OK
-- Paste the script you just copied into the textbox , using Ctrl+V or RightClick > Paste
-- Press Execute
-- Answer YES to the confirmation prompts and allow your computer to reboot.
In some cases, The Avenger will reboot your machine a second time. No worries.
-- After reboot, The Avenger should open a log – please post that for me.

NEXT:

Click START > RUN and then Copy&Paste the following into the command field: "%userprofile%\desktop\win32kdiag.exe" -f –r

That should produce a log, as well. Please post it for me.

Let me know if you ran into any difficulties along the way with these instructions and we'll go from there.

-- Check and see if MBA-M will run now in Normal Windows Boot and, if it does, do a Full Scan and have it remove what it finds and post that log too...

Best Luck :)
PP

Turkagent 0 Newbie Poster · Answer 17 · 2009-09-10T09:14:31+00:00

First log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\SYSTEM32\logevent.dll|C:\WINDOWS\SYSTEM32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Posting now, will edit in additional log. Just in case my computer does a reboot or some such.

Second Log:

Log file is located at: C:\Documents and Settings\Robby\Desktop\Win32kDiag.txt

Removing all found mount points.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Found mount point : C:\WINDOWS\$hf_mig$\KB971961\KB971961

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971961\KB971961

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA0F.tmp\ZAPA0F.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA0F.tmp\ZAPA0F.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAF3.tmp\ZAPAF3.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAF3.tmp\ZAPAF3.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2006-02-28 05:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-13 17:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe

[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 11:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB911164\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)

[1] 2006-01-19 12:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 08:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 04:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 10:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 05:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 00:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:56 716000 C:\WINDOWS\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 16:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 04:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\3f62db0dd41de1740f8addce0cc500ec\update\update.exe ()

[1] 2005-06-28 11:24:52 716000 C:\WINDOWS\SoftwareDistribution\Download\6c582d950e8e569fbc534ce8a9e66be8\update\update.exe (Microsoft Corporation)

[1] 2007-03-05 18:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\730e45fefcdf343b61704b89c95d7cca\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 06:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\730e45fefcdf343b61704b89c95d7cca\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\730e45fefcdf343b61704b89c95d7cca\backup\backup

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe