View Full Version : Infected ! I think its a nasty Rootkit virus - Help
confusedsoul
2009-10-05, 13:10
Hello Security Gurus,
I think I am infected with a rootkit virus. My antivirus McAfee, Spybot, Malewarebytes all wont start. When I try to run them, it gives me a message that
"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."
I tried to follow the post as advised by Ken545
http://forums.spybot.info/showthread.php?t=52099
I did the following steps successfully but got stuck eventually. Here are the steps that I followed to the "T".
1) I downloaded RootRepeal, Win32kDiag, TFC, exeHelper, ComboFix (Saved it as another name on the desktop), and the 3 dds files.
2) I ran RootRepeal with the options suggested in the mail viz-a-viz
Drivers
Processes
SSDT
Hidden Services.
and I generated the report. (I shall post all the reports in subsequent posts so that its separated out and easier to read).
3) I ran Win32Diag and generated a report.
4) I did Start, Run and entered "%userprofile%\desktop\win32kdiag.exe" -f -r and ran the report and saved the report.
5) Thereafter I ran exeHelper and saved the report.
6) Then i followed the instructions and turned off the Antivirus programs, AVG and McAfee and shutdown pctools.
7) Here is where I got stuck.
I ran ComboFix and it said that a RootKit has been detected and I need to reboot, so I said Ok, it did reboot my PC but upon starting the ComboFix opens up and gives a message that Grep is invalid command and after that its tries to create a system restore point and then it vanishes.
This is similar to any spyware that when installed it kills the process in about 2 seconds or so.
So I was not able to run combo fix.
I am not able to proceed.
I was hoping that if I followed the instructions to the"T" of any of the security Guru's I might not need to open a new thread and trouble anyone, however, I am stuck and do need assistance.
If someone can help me, I would really appreciate it very much.
I have to go into work for the day and will be back in the evening (EDT) and will pick up from here.
In the subsequent replies to this post I will post all the logs so that one can read them.
Thanks in advance,
Kind Regards.
ConfusedSoul.
confusedsoul
2009-10-05, 13:11
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/04 22:41
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB05B2000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA614000 Size: 8192 File Visible: No Signed: -
Status: -
Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xBA6EB000 Size: 2560 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xADA7B000 Size: 49152 File Visible: No Signed: -
Status: -
Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xB090D000 Size: 20480 File Visible: No Signed: -
Status: -
Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xBA2A8000 Size: 61440 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xb9e79514
#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9e68282
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xb9e68474
#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xb9e79d00
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9e79fb8
#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xb9e783fa
#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xb9e7a422
#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9e797d8
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9e67f32
==EOF==
confusedsoul
2009-10-05, 13:13
I am uploading the Win32Diag output file.
confusedsoul
2009-10-05, 13:15
Since the file is too big, I am splitting the post into 2.
1st Part.
Running from: C:\Documents and Settings\Eli\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Eli\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\GAC_32\System.EnterpriseServices\System.EnterpriseServices
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\GAC_MSIL\IEExecRemote\IEExecRemote
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP146.tmp\ZAP146.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP182.tmp\ZAP182.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP19.tmp\ZAP19.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP1C7.tmp\ZAP1C7.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP2A9.tmp\ZAP2A9.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP378.tmp\ZAP378.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP45E.tmp\ZAP45E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP489.tmp\ZAP489.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP7B2.tmp\ZAP7B2.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ERDNT\ERDNT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\IME\CHSIME\APPLETS\APPLETS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\IME\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\IME\IMJP8_1\APPLETS\APPLETS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\IME\IMKR6_1\APPLETS\APPLETS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\IME\SHARED\RES\RES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109120000000000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\0c83f10d\b7911439\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\a2fb77d4\45440d6a\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\a2fb77d4\45440d6a\Sources_App_Code\Sources_App_Code
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\a2fb77d4\_shadow\_shadow
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\MUI\MUI
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\occache\occache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
[1] 2004-08-04 07:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe ()
[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)
confusedsoul
2009-10-05, 13:16
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PrimoPDF\PrimoPDF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe
[1] 2004-07-28 19:15:07 654336 C:\WINDOWS\$hf_mig$\KB834707\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 18:46:38 654848 C:\WINDOWS\$hf_mig$\KB867282\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB873333\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB883939\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB890047\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 14:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB890923\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB893066\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB893086\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896688\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896727\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899588\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB905915\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB913446\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB925720\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB926247\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB929338\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)
[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)
[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe ()
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe
[1] 2004-07-28 19:15:07 654336 C:\WINDOWS\$hf_mig$\KB834707\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 18:46:38 654848 C:\WINDOWS\$hf_mig$\KB867282\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB873333\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB883939\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB890047\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 14:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB890923\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB893066\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB893086\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB896688\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896727\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899588\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB905915\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB913446\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB925720\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB926247\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB929338\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)
[1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)
[1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB971180-IE8\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)
[1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\06c06c7b51bc17c7102b0619a1cb08c2\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe ()
[1] 2007-11-30 08:39:22 755576 C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe ()
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\1025\1025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\1028\1028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\1031\1031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\1037\1037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\1041\1041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\1042\1042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\1054\1054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\2052\2052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\3076\3076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\3COM_DMI\3COM_DMI
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3156687593-2781840335-3711123584-1003\S-1-5-21-3156687593-2781840335-3711123584-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3156687593-2781840335-3711123584-1003\S-1-5-21-3156687593-2781840335-3711123584-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\PC Tools\Spyware Doctor\quarantine\quarantine
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Real\Msg\Msg
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Symantec\Symantec
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\You've Got Pictures Screensaver\PictureDir\PictureDir
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3156687593-2781840335-3711123584-1003\S-1-5-21-3156687593-2781840335-3711123584-1003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\User\User
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\DHCP\DHCP
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\DRIVERS\DISDN\DISDN
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\SYSTEM32\dumprep.exe
[1] 2004-08-04 07:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)
[1] 2008-04-13 20:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)
[1] 2008-04-13 20:12:18 10752 C:\WINDOWS\SYSTEM32\dumprep.exe ()
[1] 2004-08-04 07:00:00 10752 C:\i386\DUMPREP.EXE (Microsoft Corporation)
Cannot access: C:\WINDOWS\SYSTEM32\eventlog.dll
[1] 2004-08-04 07:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\SYSTEM32\eventlog.dll ()
[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\SYSTEM32\logevent.dll (Microsoft Corporation)
[1] 2004-08-04 07:00:00 55808 C:\i386\EVENTLOG.DLL (Microsoft Corporation)
Found mount point : C:\WINDOWS\SYSTEM32\EXPORT\EXPORT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\FxsTmp\FxsTmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\IME\CINTLGNT\CINTLGNT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\IME\PINTLGNT\PINTLGNT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTLGNT
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\INETSRV\INETSRV
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDF
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\SYSTEM32\MRT.exe
[1] 2009-08-28 17:38:20 24689600 C:\WINDOWS\SYSTEM32\MRT.exe ()
[2] 2009-07-29 20:49:14 24281536 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0003182.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\SYSTEM32\MUI\DISPSPEC\DISPSPEC
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\ISPSGNUP\ISPSGNUP
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMCUST\OEMCUST
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMHW\OEMHW
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMREG\OEMREG
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\OOBE\SAMPLE\SAMPLE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\SPOOL\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\WBEM\MOF\BAD\BAD
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\WINS\WINS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SYSTEM32\XIRCOM\XIRCOM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^
Finished!
confusedsoul
2009-10-05, 13:17
exeHelper by Raktor - 09
Build 20090925
Run at 23:06:08 on 10/04/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
confusedsoul
2009-10-05, 13:18
Running from: C:\Documents and Settings\Eli\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Eli\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899
Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844
Found mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8
Found mount point : C:\WINDOWS\ASSEMBLY\GAC_32\System.EnterpriseServices\System.EnterpriseServices
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\GAC_32\System.EnterpriseServices\System.EnterpriseServices
Found mount point : C:\WINDOWS\ASSEMBLY\GAC_MSIL\IEExecRemote\IEExecRemote
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\GAC_MSIL\IEExecRemote\IEExecRemote
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP146.tmp\ZAP146.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP146.tmp\ZAP146.tmp
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP182.tmp\ZAP182.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP182.tmp\ZAP182.tmp
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP19.tmp\ZAP19.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP19.tmp\ZAP19.tmp
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP1C7.tmp\ZAP1C7.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP1C7.tmp\ZAP1C7.tmp
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP2A9.tmp\ZAP2A9.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP2A9.tmp\ZAP2A9.tmp
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP378.tmp\ZAP378.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP378.tmp\ZAP378.tmp
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP45E.tmp\ZAP45E.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP45E.tmp\ZAP45E.tmp
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP489.tmp\ZAP489.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP489.tmp\ZAP489.tmp
Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP7B2.tmp\ZAP7B2.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP7B2.tmp\ZAP7B2.tmp
Found mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode
Found mount point : C:\WINDOWS\ERDNT\ERDNT
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ERDNT\ERDNT
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave
Found mount point : C:\WINDOWS\IME\CHSIME\APPLETS\APPLETS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\IME\CHSIME\APPLETS\APPLETS
Found mount point : C:\WINDOWS\IME\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\IME\CHTIME\Applets\Applets
Found mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS
Found mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98
Found mount point : C:\WINDOWS\IME\IMJP8_1\APPLETS\APPLETS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\IME\IMJP8_1\APPLETS\APPLETS
Found mount point : C:\WINDOWS\IME\IMKR6_1\APPLETS\APPLETS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\IME\IMKR6_1\APPLETS\APPLETS
Found mount point : C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS
Found mount point : C:\WINDOWS\IME\SHARED\RES\RES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\IME\SHARED\RES\RES
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109120000000000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109120000000000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Found mount point : C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\0c83f10d\b7911439\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\0c83f10d\b7911439\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\a2fb77d4\45440d6a\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\a2fb77d4\45440d6a\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\a2fb77d4\45440d6a\Sources_App_Code\Sources_App_Code
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\a2fb77d4\45440d6a\Sources_App_Code\Sources_App_Code
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\a2fb77d4\_shadow\_shadow
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\ashtakavargaapplication\a2fb77d4\_shadow\_shadow
Found mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO
Found mount point : C:\WINDOWS\MUI\MUI
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\MUI\MUI
Found mount point : C:\WINDOWS\occache\occache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\occache\occache
Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHEALTH\ERRORREP\UserDumps\UserDumps
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH
Cannot access: C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
Attempting to restore permissions of : C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp
Found mount point : C:\WINDOWS\PrimoPDF\PrimoPDF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PrimoPDF\PrimoPDF
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe
Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe
Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\fbadf956b1f29cd6cc8927434ddbc900\update\update.exe
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixas\files\files
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixdts\files\files
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixns\files\files
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixrs\files\files
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixsql\files\files
Found mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQL9_KB960089_ENU\hotfixtools\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixas\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixdts\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixns\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixrs\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixsql\files\files
Found mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SQLTools9_KB960089_ENU\hotfixtools\files\files
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Found mount point : C:\WINDOWS\SYSTEM32\1025\1025
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\1025\1025
Found mount point : C:\WINDOWS\SYSTEM32\1028\1028
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\1028\1028
Found mount point : C:\WINDOWS\SYSTEM32\1031\1031
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\1031\1031
Found mount point : C:\WINDOWS\SYSTEM32\1037\1037
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\1037\1037
Found mount point : C:\WINDOWS\SYSTEM32\1041\1041
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\1041\1041
Found mount point : C:\WINDOWS\SYSTEM32\1042\1042
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\1042\1042
Found mount point : C:\WINDOWS\SYSTEM32\1054\1054
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\1054\1054
Found mount point : C:\WINDOWS\SYSTEM32\2052\2052
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\2052\2052
Found mount point : C:\WINDOWS\SYSTEM32\3076\3076
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\3076\3076
Found mount point : C:\WINDOWS\SYSTEM32\3COM_DMI\3COM_DMI
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\3COM_DMI\3COM_DMI
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3156687593-2781840335-3711123584-1003\S-1-5-21-3156687593-2781840335-3711123584-1003
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3156687593-2781840335-3711123584-1003\S-1-5-21-3156687593-2781840335-3711123584-1003
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3156687593-2781840335-3711123584-1003\S-1-5-21-3156687593-2781840335-3711123584-1003
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3156687593-2781840335-3711123584-1003\S-1-5-21-3156687593-2781840335-3711123584-1003
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Media Player\Media Player
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\PC Tools\Spyware Doctor\quarantine\quarantine
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\PC Tools\Spyware Doctor\quarantine\quarantine
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Real\Msg\Msg
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Real\Msg\Msg
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Symantec\Symantec
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Symantec\Symantec
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\You've Got Pictures Screensaver\PictureDir\PictureDir
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\You've Got Pictures Screensaver\PictureDir\PictureDir
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\Desktop
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3156687593-2781840335-3711123584-1003\S-1-5-21-3156687593-2781840335-3711123584-1003
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3156687593-2781840335-3711123584-1003\S-1-5-21-3156687593-2781840335-3711123584-1003
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\System\System
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\User\User
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Office\Groove\User\User
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\temp\temp
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NetHood\NetHood
Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\PrintHood\PrintHood
Found mount point : C:\WINDOWS\SYSTEM32\DHCP\DHCP
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\DHCP\DHCP
Found mount point : C:\WINDOWS\SYSTEM32\DRIVERS\DISDN\DISDN
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\DRIVERS\DISDN\DISDN
Cannot access: C:\WINDOWS\SYSTEM32\dumprep.exe
Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\dumprep.exe
Cannot access: C:\WINDOWS\SYSTEM32\eventlog.dll
Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\eventlog.dll
[1] 2004-08-04 07:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\SYSTEM32\eventlog.dll ()
[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\SYSTEM32\logevent.dll (Microsoft Corporation)
[1] 2004-08-04 07:00:00 55808 C:\i386\EVENTLOG.DLL (Microsoft Corporation)
Found mount point : C:\WINDOWS\SYSTEM32\EXPORT\EXPORT
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\EXPORT\EXPORT
Found mount point : C:\WINDOWS\SYSTEM32\FxsTmp\FxsTmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\FxsTmp\FxsTmp
Found mount point : C:\WINDOWS\SYSTEM32\IME\CINTLGNT\CINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\IME\CINTLGNT\CINTLGNT
Found mount point : C:\WINDOWS\SYSTEM32\IME\PINTLGNT\PINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\IME\PINTLGNT\PINTLGNT
Found mount point : C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTLGNT
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTLGNT
Found mount point : C:\WINDOWS\SYSTEM32\INETSRV\INETSRV
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\INETSRV\INETSRV
Found mount point : C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDF
Cannot access: C:\WINDOWS\SYSTEM32\MRT.exe
Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\MRT.exe
Found mount point : C:\WINDOWS\SYSTEM32\MUI\DISPSPEC\DISPSPEC
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\MUI\DISPSPEC\DISPSPEC
Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\ISPSGNUP\ISPSGNUP
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\ISPSGNUP\ISPSGNUP
Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMCUST\OEMCUST
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMCUST\OEMCUST
Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMHW\OEMHW
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMHW\OEMHW
Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMREG\OEMREG
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMREG\OEMREG
Found mount point : C:\WINDOWS\SYSTEM32\OOBE\SAMPLE\SAMPLE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\SAMPLE\SAMPLE
Found mount point : C:\WINDOWS\SYSTEM32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\ShellExt\ShellExt
Found mount point : C:\WINDOWS\SYSTEM32\SPOOL\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\SPOOL\PRINTERS\PRINTERS
Found mount point : C:\WINDOWS\SYSTEM32\WBEM\MOF\BAD\BAD
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\WBEM\MOF\BAD\BAD
Found mount point : C:\WINDOWS\SYSTEM32\WINS\WINS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\WINS\WINS
Found mount point : C:\WINDOWS\SYSTEM32\XIRCOM\XIRCOM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SYSTEM32\XIRCOM\XIRCOM
Found mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Finished!
Hello confusedsoul :welcome:
Due to the volume of posts to your own topic, it would appear to volunteer analysts that you were already being assisted as they look for topics with no response. :eek:
Please start a new topic as per forum FAQ, "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Please wait to be advised and Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806) (Pinned Sticky topic) If the infection prevents HJT from running, please start a topic, make note of the situation and wait for a response. Please do not add logs from other scans. :)
Please note that all instructions given are customized for that member's computer only, the tools used may cause damage if run on a computer with different infections. Your symptoms may only appear to be similar. Regardless, please do not take fixes given to another user and apply to your own machine.
Also provide a link back to this thread, thanks. :)
Best regards.