It says:
Rebooting windows... Please wait
Access is Denied.
It ran threw the whole test I guess it just wont let it restart. Should I just close it out and restart it?
adub 0 Junior Poster in Training
PhilliePhan 171 Central Scrutinizer Team Colleague
It ran threw the whole test I guess it just wont let it restart. Should I just close it out and restart it?
Yes - do that and see if it completes.
PP:)
adub 0 Junior Poster in Training
When I restarted it this popped up:
C:\WINDOWS\System32\CF22858.exe
windows cannot access device path.
Then it said I may not have the correct permissions or somthing like that.
It did not start scanning or anything like that again.
PhilliePhan 171 Central Scrutinizer Team Colleague
It did not start scanning or anything like that again.
Let's try a command prompt and type:
%systemroot%\system32\restore\rstrui.exe
See if there are any viable restore points.
If not, we'll try something with Avenger, but it may be risky.
I am about to close it down for the night - got about 10 more minutes of computer time. We might have to pick this up tomorrow....
PP :)
adub 0 Junior Poster in Training
Sorry but I am going to have to go for the night because I have to work a 16 hour shift tomorrow. I probably wont be able to get on until around 9:00 pm central time tomorrow and will only be able to stay on till about this time again.
Thanks for the help again and hopfully I will see you on here tomorrow.
adub 0 Junior Poster in Training
I will try that real quick.
adub 0 Junior Poster in Training
It is telling me the same thing it did when I tried to do a system restore right after the problems started to happend:
"System Restore is not able to protect your computer. Please restart your system and try again"
Ok ill see you on tomorrow. Thanks.
PhilliePhan 171 Central Scrutinizer Team Colleague
Ok ill see you on tomorrow. Thanks.
We can attack this in a different manner tomorrow . .. .
Hopefully we'll have better luck!
G'Night :)
PhilliePhan 171 Central Scrutinizer Team Colleague
If you get a chance before I check back tonight, try this:
-- Download DDS by sUBs and save it to your Desktop
-- If your AV has a script blocker, please disable it
-- DoubleClick on dds.scr to run the tool
* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
I would like to see that DDS.txt - At this point I am not sure what combofix was able to accomplish.
Also, if you can, download new copies of combofix and MBA-M.
Rename them BOTH before you download them:
Zappafix.exe and BAMM.exe
We'll likely be using The Avenger and others as well, so have them handy.
Back tonight.
PP :)
adub 0 Junior Poster in Training
Sorry I couldnt get on last night due to have to work longer than expected. I will start on the stuff you posted right now. Thanks.
adub 0 Junior Poster in Training
"-- If your AV has a script blocker, please disable it"
Im not sure what you mean or what to do about the above sentance.
If you mean anti virus it willnot let me access it at all.
EDIT: also I downloaded everything on your last post and renamed the last 2 with the names you posted.
PhilliePhan 171 Central Scrutinizer Team Colleague
Sorry I couldnt get on last night due to have to work longer than expected. I will start on the stuff you posted right now. Thanks.
No worries!
This is possibly the nastiest POS I have ever seen and I've been volunteering in various forums long enough to remember some really nasty ones . . . LOL!
-- What I want to find out is just what has been accomplished , if anything, by the first run of combofix.
This baddie will let it run once, but then blocks it.
I do have a few tricks up my sleeve to try to get around that.
PP :)
PhilliePhan 171 Central Scrutinizer Team Colleague
"-- If your AV has a script blocker, please disable it"
Just see if DDS will run and we'll try something else.
BTW - How are you set up for reading/posting logs?
If you are posting via flash drive an another computer, we do risk infecting both the flash drive and the other compy . . . But, that's a risk we might have to take...
adub 0 Junior Poster in Training
Just see if DDS will run and we'll try something else.
BTW - How are you set up for reading/posting logs?
If you are posting via flash drive an another computer, we do risk infecting both the flash drive and the other compy . . . But, that's a risk we might have to take...
I am using a flash drive. I dont mind the risk...im using a really old laptop that I use to log the tune on my race car. (by really old I mean a COMPAQ PRESARIO 1692 lol)
I am going in there to try the scan now.
PhilliePhan 171 Central Scrutinizer Team Colleague
I am going in there to try the scan now.
Great!
I have to grabs something to eat - be back in a bit.
Here are two more tools we are going to need:
http://download.sysinternals.com/Files/Junction.zip
http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe
-- Are you able to uninstall the copy of MBA-M currently on the machine? If so, do that.
Let me know.
PP :)
adub 0 Junior Poster in Training
Great!
I have to grabs something to eat - be back in a bit.
Here are two more tools we are going to need:
http://download.sysinternals.com/Files/Junction.zip
http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe-- Are you able to uninstall the copy of MBA-M currently on the machine? If so, do that.
Let me know.PP :)
I just double clicked on DDS scan and it popped up the cmd prompt box for less than 1 sec then it went away???
I already deleted the old malwarebytes. I will download the new things now.
PhilliePhan 171 Central Scrutinizer Team Colleague
I just double clicked on DDS scan and it popped up the cmd prompt box for less than 1 sec then it went away???
I already deleted the old malwarebytes. I will download the new things now.
Ok - Let's do this first:
Transfer Win32kDiag.exe to the desktop.
-- DoubleClick on Win32kDiag.exe to run it. Let it run for as long as it needs to.
If doubleclicking doesn't work, open a command prompt and then copy and paste "%userprofile%\desktop\win32kdiag.exe" ENTER
-- When it says Finished – Press any key to exit, do that to exit the program.
-- You should now have a Win32kDiag.txt on your Desktop. Please post the entire log for me and we’ll go from there.
If it doesn't run, delete it and then rename it on laptop to Win32kDiag.com and transfer it to the Desktop and try to run it. Command prompt would be "%userprofile%\desktop\win32kdiag.com"
Let me know what happens.
PP :)
adub 0 Junior Poster in Training
Ok Win32kDiag.exe is running.
PhilliePhan 171 Central Scrutinizer Team Colleague
Ok Win32kDiag.exe is running.
Good - how did you get it to run? Cmd prompt?
PP :)
adub 0 Junior Poster in Training
It just let me double click it to run it.
The scan just finished. Here is the Log:
Log file is located at: C:\Documents and Settings\Compaq_Administrator.JENNASPC\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB899589\KB899589
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\GAC_32\GAC_32
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\GAC_MSIL\GAC_MSIL
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\ehiWUapi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\SonicMCEBurnEngine\SonicMCEBurnEngine
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBCF.tmp\ZAPBCF.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d2\d2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d3\d3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d4\d4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d5\d5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d6\d6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d7\d7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d8\d8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
[1] 2004-08-09 23:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2004-08-09 23:00:00 743936 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()
[1] 2008-04-14 05:42:22 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-14 05:42:22 744448 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\helpsvc.exe (Microsoft Corporation)
[1] 2004-08-09 23:00:00 743936 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\setup.pss\setupupd\setupupd
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4ee3fbebbfecab84fe3a0e44ae24966f\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe
[1] 2004-10-14 20:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)
[1] 2004-12-01 00:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:34:48 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 13:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:34:48 654848 C:\WINDOWS\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB893066\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 01:12:28 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 01:12:28 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 01:12:28 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 01:12:28 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB929338\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB929969\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB935448\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB938464-v2\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB944338\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB944338-v2\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)
[1] 2007-12-03 10:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB953838\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB958470\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB969897\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB971032\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB971930-IE8\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$NtUninstallKB898461$\update.exe (Microsoft Corporation)
[1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$NtUninstallKB923561$\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$NtUninstallKB935448$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:20:44 755576 C:\WINDOWS\$NtUninstallKB946648$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB950760$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB950762$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$NtUninstallKB950974$\update.exe (Microsoft Corporation)
[1] 2007-12-03 10:25:31 755576 C:\WINDOWS\$NtUninstallKB951066$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB951376-v2$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB951698$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$NtUninstallKB951748$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$NtUninstallKB952004$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB952287$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB952954$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB954600$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB955069$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB955839$\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$NtUninstallKB956572$\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$NtUninstallKB956802$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB956803$\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$NtUninstallKB957097$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB958644$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB958687$\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$NtUninstallKB958690$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$NtUninstallKB959426$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB960225$\update.exe (Microsoft Corporation)
[1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$NtUninstallKB960715$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB960803$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$NtUninstallKB961373$\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$NtUninstallKB963027$\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$NtUninstallKB967715$\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe ()
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\SoftwareDistribution\Download\574548bb1821009dfc939b99bf38919d\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\7b5e86592de99471f7da9382ca63ffe3\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\update\update.exe (Microsoft Corporation)
[1] 2007-08-10 20:46:20 755576 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\update\update.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\msft\windows\windows
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\policy\msft\windows\windows
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\51\msft\windows\system\system
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\51\policy\msft\windows\system\system
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\msft\windows\net\net
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\policy\msft\windows\networking\networking
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\msft\windows\common\common
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\policy\60\60
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\policy\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\msft\windows\windows
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\policy\msft\msft
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-260294620-4030434168-19268273-1007\S-1-5-21-260294620-4030434168-19268273-1007
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\CF22858.exe
[1] 2009-09-10 22:31:57 388608 C:\WINDOWS\system32\CF22858.exe ()
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\EMVQ99N6\EMVQ99N6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\9QE49MBF\9QE49MBF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1080243138-3601062268-341916335-500\S-1-5-21-1080243138-3601062268-341916335-500
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-2213769524-3607077738-3465792719-500\S-1-5-21-2213769524-3607077738-3465792719-500
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Rhapsody\Rhapsody
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1080243138-3601062268-341916335-500\S-1-5-21-1080243138-3601062268-341916335-500
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2213769524-3607077738-3465792719-500\S-1-5-21-2213769524-3607077738-3465792719-500
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\User\User
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-09 23:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 05:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 05:41:54 56320 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-09 23:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)
[1] 2004-08-09 23:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-09 23:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Lang\Lang
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\svchost.exe
[1] 2004-08-09 23:00:00 14336 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe (Microsoft Corporation)
[1] 2008-04-14 05:42:38 14336 C:\WINDOWS\ServicePackFiles\i386\svchost.exe (Microsoft Corporation)
[1] 2008-04-14 05:42:38 14336 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe (Microsoft Corporation)
[1] 2004-08-09 23:00:00 14336 C:\WINDOWS\system32\dllcache\svchost.exe (Microsoft Corporation)
[1] 2004-08-09 23:00:00 14336 C:\WINDOWS\system32\svchost.exe ()
Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\mof\good\good
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Cookies\Cookies
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\History\History.IE5\History.IE5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00000\MCE00000
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00001\MCE00001
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00002\MCE00002
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00003\MCE00003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00004\MCE00004
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00005\MCE00005
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00006\MCE00006
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00007\MCE00007
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00008\MCE00008
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00009\MCE00009
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0000a\MCE0000a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\nsv171B.tmp\nsv171B.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\nsv192.tmp\nsv192.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\SBCYahoo_SMB_600000\SBCYahoo_SMB_600000
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8ZYO6DOG\8ZYO6DOG
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\D7C88N5N\D7C88N5N
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\TempRec\TempSBE\TempSBE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\ZAP1D.tmp\ZAP1D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\ZAP1F.tmp\ZAP1F.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Finished!
PhilliePhan 171 Central Scrutinizer Team Colleague
Knock on wood, but this might make things easier.... :)
You should have this handy:
http://swandog46.geekstogo.com/avenger.zip
-- Extract Avenger.exe from the ZIP to your Desktop
You'll probably have to copy the below to notepad and put it on the Desktop and then C&P it:
-- Highlight the complete text in Red below and copy it using Ctrl+C or RightClick > Copy:
Files to move:
C:\WINDOWS\SYSTEM32\logevent.dll | C:\WINDOWS\SYSTEM32\eventlog.dll
-- Now, DoubleClick avenger.exe on your desktop to run it
-- Read the Warning Prompt and press OK
-- Paste the script you just copied into the textbox, using Ctrl+V or RightClick > Paste
-- Press Execute
-- Answer YES to the confirmation prompts and allow your computer to reboot.
In some cases, The Avenger will reboot your machine a second time. No worries.
-- After reboot, The Avenger should open a log – please post that for me.
NEXT:
Click START > RUN and then Copy&Paste the following into the command field: "%userprofile%\desktop\win32kdiag.exe" -f –r
If you type that, remember the quotes and the spaces.
That should produce a log, as well. Please post it for me.
Let me know if you ran into any difficulties along the way with these instructions and we'll go from there.
PP :)
adub 0 Junior Poster in Training
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Completed script processing.
*******************
Finished! Terminate.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Completed script processing.
*******************
Finished! Terminate.
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Sat Sep 12 19:30:37 2009
19:30:37: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\WINDOWS\SYSTEM32\logevent.dll|C:\WINDOWS\SYSTEM32\eventlog.dll" completed successfully.
Completed script processing.
*******************
Finished! Terminate.
PhilliePhan 171 Central Scrutinizer Team Colleague
Great! - I'm going to need to see this one, too:
Click START > RUN and then Copy&Paste the following into the command field: "%userprofile%\desktop\win32kdiag.exe" -f –r
If that doesn't run, use a command prompt.
Make sure you post the new log rather than the previous one.
PP:)
adub 0 Junior Poster in Training
Ok I just ran the 2nd scan and it finished and I pressed the space bar to finish it...but where did the log save?
PhilliePhan 171 Central Scrutinizer Team Colleague
Ok I just ran the 2nd scan and it finished and I pressed the space bar to finish it...but where did the log save?
Should be on the desktop...
adub 0 Junior Poster in Training
I found it..it just replaces the old one. I compaired them to make sure.
Log file is located at: C:\Documents and Settings\Compaq_Administrator.JENNASPC\Desktop\Win32kDiag.txt
Removing all found mount points.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB899589\KB899589
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB899589\KB899589
Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454
Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090
Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566
Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143
Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653
Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568
Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533
Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864
Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389
Found mount point : C:\WINDOWS\assembly\GAC_32\GAC_32
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\GAC_32\GAC_32
Found mount point : C:\WINDOWS\assembly\GAC_MSIL\GAC_MSIL
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\GAC_MSIL\GAC_MSIL
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\ehiWUapi
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\ehiWUapi
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\SonicMCEBurnEngine\SonicMCEBurnEngine
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\SonicMCEBurnEngine\SonicMCEBurnEngine
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBCF.tmp\ZAPBCF.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBCF.tmp\ZAPBCF.tmp
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\temp\temp
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d1\d1
Found mount point : C:\WINDOWS\CSC\d2\d2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d2\d2
Found mount point : C:\WINDOWS\CSC\d3\d3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d3\d3
Found mount point : C:\WINDOWS\CSC\d4\d4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d4\d4
Found mount point : C:\WINDOWS\CSC\d5\d5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d5\d5
Found mount point : C:\WINDOWS\CSC\d6\d6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d6\d6
Found mount point : C:\WINDOWS\CSC\d7\d7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d7\d7
Found mount point : C:\WINDOWS\CSC\d8\d8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d8\d8
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ftpcache\ftpcache
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\chsime\applets\applets
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp\applets\applets
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp98\imejp98
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\shared\res\res
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\trustlib\trustlib
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps
Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
[1] 2004-08-09 23:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2004-08-09 23:00:00 743936 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()
[1] 2008-04-14 05:42:22 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-14 05:42:22 744448 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\helpsvc.exe (Microsoft Corporation)
[1] 2004-08-09 23:00:00 743936 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PIF\PIF
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Found mount point : C:\WINDOWS\setup.pss\setupupd\setupupd
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\setup.pss\setupupd\setupupd
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4ee3fbebbfecab84fe3a0e44ae24966f\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4ee3fbebbfecab84fe3a0e44ae24966f\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe
[1] 2004-10-14 20:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)
[1] 2004-12-01 00:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:34:48 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 13:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:34:48 654848 C:\WINDOWS\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 20:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB893066\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 05:35:05 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 01:12:28 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 01:12:28 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 01:12:28 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 01:12:28 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB929338\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB929969\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB935448\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB938464-v2\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB944338\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB944338-v2\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)
[1] 2007-12-03 10:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB953838\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB958470\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB969897\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:59 716000 C:\WINDOWS\$hf_mig$\KB971032\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB971930-IE8\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 22:35:05 718048 C:\WINDOWS\$NtUninstallKB898461$\update.exe (Microsoft Corporation)
[1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$NtUninstallKB923561$\update.exe (Microsoft Corporation)
[1] 2006-01-19 14:29:19 716000 C:\WINDOWS\$NtUninstallKB935448$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:20:44 755576 C:\WINDOWS\$NtUninstallKB946648$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB950760$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB950762$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$NtUninstallKB950974$\update.exe (Microsoft Corporation)
[1] 2007-12-03 10:25:31 755576 C:\WINDOWS\$NtUninstallKB951066$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB951376-v2$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB951698$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$NtUninstallKB951748$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$NtUninstallKB952004$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB952287$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB952954$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB954600$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB955069$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB955839$\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$NtUninstallKB956572$\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$NtUninstallKB956802$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB956803$\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\$NtUninstallKB957097$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB958644$\update.exe (Microsoft Corporation)
[1] 2007-11-30 06:18:51 755576 C:\WINDOWS\$NtUninstallKB958687$\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$NtUninstallKB958690$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$NtUninstallKB959426$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB960225$\update.exe (Microsoft Corporation)
[1] 2008-11-15 12:18:04 755576 C:\WINDOWS\$NtUninstallKB960715$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\$NtUninstallKB960803$\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:18 755576 C:\WINDOWS\$NtUninstallKB961373$\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$NtUninstallKB963027$\update.exe (Microsoft Corporation)
[1] 2008-07-09 02:38:29 755576 C:\WINDOWS\$NtUninstallKB967715$\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 18:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\4f16665ac0e64727d0b09512c7b6d40c\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 06:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe ()
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\SoftwareDistribution\Download\574548bb1821009dfc939b99bf38919d\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 08:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\7b5e86592de99471f7da9382ca63ffe3\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\update\update.exe (Microsoft Corporation)
[1] 2007-08-10 20:46:20 755576 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 20:22:56 716000 C:\WINDOWS\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\update\update.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\msft\windows\windows
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\msft\windows\windows
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\policy\msft\windows\windows
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\10\policy\msft\windows\windows
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\51\msft\windows\system\system
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\51\msft\windows\system\system
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\51\policy\msft\windows\system\system
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\51\policy\msft\windows\system\system
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\msft\windows\net\net
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\msft\windows\net\net
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\policy\msft\windows\networking\networking
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\52\policy\msft\windows\networking\networking
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\msft\windows\common\common
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\msft\windows\common\common
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\policy\60\60
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\policy\60\60
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\policy\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\60\policy\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\msft\windows\windows
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\msft\windows\windows
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\policy\msft\msft
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\asms\70\policy\msft\msft
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1025\1025
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1028\1028
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1031\1031
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1037\1037
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1041\1041
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1042\1042
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\1054\1054
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\2052\2052
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\3076\3076
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-260294620-4030434168-19268273-1007\S-1-5-21-260294620-4030434168-19268273-1007
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-260294620-4030434168-19268273-1007\S-1-5-21-260294620-4030434168-19268273-1007
Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak
Cannot access: C:\WINDOWS\system32\CF22858.exe
[1] 2009-09-10 22:31:57 388608 C:\WINDOWS\system32\CF22858.exe ()
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\EMVQ99N6\EMVQ99N6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\EMVQ99N6\EMVQ99N6
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\9QE49MBF\9QE49MBF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\9QE49MBF\9QE49MBF
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1080243138-3601062268-341916335-500\S-1-5-21-1080243138-3601062268-341916335-500
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1080243138-3601062268-341916335-500\S-1-5-21-1080243138-3601062268-341916335-500
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-2213769524-3607077738-3465792719-500\S-1-5-21-2213769524-3607077738-3465792719-500
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-2213769524-3607077738-3465792719-500\S-1-5-21-2213769524-3607077738-3465792719-500
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Rhapsody\Rhapsody
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Rhapsody\Rhapsody
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1080243138-3601062268-341916335-500\S-1-5-21-1080243138-3601062268-341916335-500
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1080243138-3601062268-341916335-500\S-1-5-21-1080243138-3601062268-341916335-500
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2213769524-3607077738-3465792719-500\S-1-5-21-2213769524-3607077738-3465792719-500
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2213769524-3607077738-3465792719-500\S-1-5-21-2213769524-3607077738-3465792719-500
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\System\System
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\User\User
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\User\User
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\dhcp\dhcp
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\export\export
Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp
Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\inetsrv\inetsrv
Found mount point : C:\WINDOWS\system32\Lang\Lang
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\Lang\Lang
Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys
Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\oobe\sample\sample
Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Cannot access: C:\WINDOWS\system32\svchost.exe
[1] 2004-08-09 23:00:00 14336 C:\WINDOWS\$NtService
PhilliePhan 171 Central Scrutinizer Team Colleague
Great! Now let's run combofix.
If you still have combofix on your machine, DELETE it.
Then, move that renamed combofix - I think we went with Zappafix - to the Desktop and run it and hopefully we'll get a log this time....
Let me know how this shakes out.
PP :)
adub 0 Junior Poster in Training
Ok it just finished and restarted....then it started back up again.
Now it says Preparing log report.
Do not run any programs until combofix has finished
FINDSTR: Cannot open C:\WINDOWS\system32\CF22858.exe
is it still running or is it messed up?
adub 0 Junior Poster in Training
Also the title on the window thats open is C:\ Find3M
PhilliePhan 171 Central Scrutinizer Team Colleague
Also the title on the window thats open is C:\ Find3M
I think it got stopped again.
See if there is a C:\combofix.txt
If so, post it.
If not, extract junction.exe from the Junction.zip you downloaded and place junction.exe in your C:\Windows directory.
Start a command prompt and type:
junction -s > C:\Logit.txt ENTER
Let the tool run and then post the C:\Logit.txt for me.
PP :)
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.