kgriffin

  1. Okay: Here is the avenger log:

     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com
     Platform: Windows Vista
     *******************
     Script file opened successfully.
     Script file read successfully.
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     Rootkit scan active.
     No rootkits found!
     File move operation "C:\Windows\System32\logevent.dll|C:\Windows\System32\cngaudit.dll" completed successfully.
     Completed script processing.
     *******************
     Finished! Terminate.

     And here is the Windiag log:
  2. Downloaded RootRepeal but would not work... help!
  3. Ran Win32Diag and this is what I got:
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
  4. Hi, I'm at a complete loss as to how to proceed. I am getting only redirects with Google on IE. I downloaded and paid for a full copy of Norton Antivirus 2010 but cannot run it. I could download Malwarebytes but did not have 'permission' to run it; same with HijackThis. I downloaded ComboFix and changed the name to combo-fix during save, but when I double-click, it looks like it's going to do something but then does not. I can't copy a log here for you to look at as I can't get anything to work to create a log. Any help gratefully appreciated. Cheers, Kim