Help please!


Guest mimi2425

About two days ago I got about 6 pop-ups, and when I closed out the last one my computer did a restart on its own, and when it loaded, my desktop icons and task bar were gone; now all I'm seeing is my wallpaper. When I press ctrl + esc it does not show up either. I brought up my task manager and tried to run my anti virus and malwarebytes, and I get an error message saying "Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item." I also tried running both programs in safe mode and the message I get says that I cannot run the program in safe mode. Also, when I pulled up task manager I noticed "explorer.exe" was not running, and when I tried to run it, it says that "Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item." I would really appreciate some help. Thanks.


Guest mimi2425

Ok, I see the log file but I don't know how to get it to post it in this topic. It's finished and it says press any key to exit, and I did, and then the window disappears. How do I copy it to paste it in this message? :rolleyes:


Guest mimi2425

OK I figured out how to copy it, lol, here is the log below :rolleyes:



Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Guest mimi2425

OK now I can see the task bar and my icons, here is the Win2klog

Running from: C:\Documents and Settings\HP_Owner\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\HP_Owner\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\explorer.exe

Attempting to restore permissions of : C:\WINDOWS\explorer.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exe


Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\ErrorLogs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\ErrorLogs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView\SampleView

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView\SampleView

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Apple Computer\iTunes\iTunes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Apple Computer\iTunes\iTunes

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Custom Buttons

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Custom Buttons

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Found mount point : C:\WINDOWS\system32\cz\cz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\cz\cz

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\DirectX\websetup\websetup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\websetup\websetup

Found mount point : C:\WINDOWS\system32\dn\dn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dn\dn

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Found mount point : C:\WINDOWS\system32\du\du

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\du\du

Cannot access: C:\WINDOWS\system32\dumprep.exe

Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 15:00:00 55808 C:\WINDOWS\LastGood\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)

[1] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2004-08-04 15:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-04 15:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

[2] 2004-08-04 15:00:00 55808 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP509\A0183106.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\wbem\wmiprvse.exe

Attempting to restore permissions of : C:\WINDOWS\system32\wbem\wmiprvse.exe

Cannot access: C:\WINDOWS\system32\wuauclt.exe

Attempting to restore permissions of : C:\WINDOWS\system32\wuauclt.exe


Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu55c2.tmp\slu55c2.tmp

Found mount point : C:\WINDOWS\Temp\slu56eb.tmp\slu56eb.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu56eb.tmp\slu56eb.tmp

Found mount point : C:\WINDOWS\Temp\slu5915.tmp\slu5915.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5915.tmp\slu5915.tmp

Found mount point : C:\WINDOWS\Temp\slu5a12.tmp\slu5a12.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5a12.tmp\slu5a12.tmp

Found mount point : C:\WINDOWS\Temp\slu5a16.tmp\slu5a16.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5a16.tmp\slu5a16.tmp

Found mount point : C:\WINDOWS\Temp\slu5c6.tmp\slu5c6.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5c6.tmp\slu5c6.tmp

Found mount point : C:\WINDOWS\Temp\slu5c72.tmp\slu5c72.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5c72.tmp\slu5c72.tmp

Found mount point : C:\WINDOWS\Temp\slu5c9c.tmp\slu5c9c.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5c9c.tmp\slu5c9c.tmp

Found mount point : C:\WINDOWS\Temp\slu5caf.tmp\slu5caf.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5caf.tmp\slu5caf.tmp

Found mount point : C:\WINDOWS\Temp\slu5d01.tmp\slu5d01.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5d01.tmp\slu5d01.tmp

Found mount point : C:\WINDOWS\Temp\slu5d9f.tmp\slu5d9f.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5d9f.tmp\slu5d9f.tmp

Found mount point : C:\WINDOWS\Temp\slu5e53.tmp\slu5e53.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5e53.tmp\slu5e53.tmp

Found mount point : C:\WINDOWS\Temp\slu5ef5.tmp\slu5ef5.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5ef5.tmp\slu5ef5.tmp

Found mount point : C:\WINDOWS\Temp\slu5fa8.tmp\slu5fa8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu5fa8.tmp\slu5fa8.tmp

Found mount point : C:\WINDOWS\Temp\slu60c6.tmp\slu60c6.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu60c6.tmp\slu60c6.tmp

Found mount point : C:\WINDOWS\Temp\slu60d8.tmp\slu60d8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu60d8.tmp\slu60d8.tmp

Found mount point : C:\WINDOWS\Temp\slu60e6.tmp\slu60e6.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu60e6.tmp\slu60e6.tmp

Found mount point : C:\WINDOWS\Temp\slu633c.tmp\slu633c.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu633c.tmp\slu633c.tmp

Found mount point : C:\WINDOWS\Temp\slu637b.tmp\slu637b.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu637b.tmp\slu637b.tmp

Found mount point : C:\WINDOWS\Temp\slu640c.tmp\slu640c.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu640c.tmp\slu640c.tmp

Found mount point : C:\WINDOWS\Temp\slu65a7.tmp\slu65a7.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu65a7.tmp\slu65a7.tmp

Found mount point : C:\WINDOWS\Temp\slu65b8.tmp\slu65b8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu65b8.tmp\slu65b8.tmp

Found mount point : C:\WINDOWS\Temp\slu6639.tmp\slu6639.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6639.tmp\slu6639.tmp

Found mount point : C:\WINDOWS\Temp\slu665d.tmp\slu665d.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu665d.tmp\slu665d.tmp

Found mount point : C:\WINDOWS\Temp\slu669d.tmp\slu669d.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu669d.tmp\slu669d.tmp

Found mount point : C:\WINDOWS\Temp\slu66d.tmp\slu66d.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu66d.tmp\slu66d.tmp

Found mount point : C:\WINDOWS\Temp\slu66e0.tmp\slu66e0.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu66e0.tmp\slu66e0.tmp

Found mount point : C:\WINDOWS\Temp\slu67c0.tmp\slu67c0.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu67c0.tmp\slu67c0.tmp

Found mount point : C:\WINDOWS\Temp\slu6815.tmp\slu6815.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6815.tmp\slu6815.tmp

Found mount point : C:\WINDOWS\Temp\slu685b.tmp\slu685b.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu685b.tmp\slu685b.tmp

Found mount point : C:\WINDOWS\Temp\slu6915.tmp\slu6915.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6915.tmp\slu6915.tmp

Found mount point : C:\WINDOWS\Temp\slu6919.tmp\slu6919.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6919.tmp\slu6919.tmp

Found mount point : C:\WINDOWS\Temp\slu6948.tmp\slu6948.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6948.tmp\slu6948.tmp

Found mount point : C:\WINDOWS\Temp\slu6a92.tmp\slu6a92.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6a92.tmp\slu6a92.tmp

Found mount point : C:\WINDOWS\Temp\slu6b0b.tmp\slu6b0b.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6b0b.tmp\slu6b0b.tmp

Found mount point : C:\WINDOWS\Temp\slu6b1.tmp\slu6b1.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6b1.tmp\slu6b1.tmp

Found mount point : C:\WINDOWS\Temp\slu6b52.tmp\slu6b52.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6b52.tmp\slu6b52.tmp

Found mount point : C:\WINDOWS\Temp\slu6b7e.tmp\slu6b7e.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6b7e.tmp\slu6b7e.tmp

Found mount point : C:\WINDOWS\Temp\slu6bc1.tmp\slu6bc1.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6bc1.tmp\slu6bc1.tmp

Found mount point : C:\WINDOWS\Temp\slu6cfb.tmp\slu6cfb.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6cfb.tmp\slu6cfb.tmp

Found mount point : C:\WINDOWS\Temp\slu6d40.tmp\slu6d40.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6d40.tmp\slu6d40.tmp

Found mount point : C:\WINDOWS\Temp\slu6d5e.tmp\slu6d5e.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6d5e.tmp\slu6d5e.tmp

Found mount point : C:\WINDOWS\Temp\slu6e87.tmp\slu6e87.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6e87.tmp\slu6e87.tmp

Found mount point : C:\WINDOWS\Temp\slu6e8f.tmp\slu6e8f.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6e8f.tmp\slu6e8f.tmp

Found mount point : C:\WINDOWS\Temp\slu6edb.tmp\slu6edb.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6edb.tmp\slu6edb.tmp

Found mount point : C:\WINDOWS\Temp\slu6ef5.tmp\slu6ef5.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6ef5.tmp\slu6ef5.tmp

Found mount point : C:\WINDOWS\Temp\slu6fe8.tmp\slu6fe8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu6fe8.tmp\slu6fe8.tmp

Found mount point : C:\WINDOWS\Temp\slu7140.tmp\slu7140.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7140.tmp\slu7140.tmp

Found mount point : C:\WINDOWS\Temp\slu72aa.tmp\slu72aa.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu72aa.tmp\slu72aa.tmp

Found mount point : C:\WINDOWS\Temp\slu7390.tmp\slu7390.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7390.tmp\slu7390.tmp

Found mount point : C:\WINDOWS\Temp\slu73c7.tmp\slu73c7.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu73c7.tmp\slu73c7.tmp

Found mount point : C:\WINDOWS\Temp\slu73f1.tmp\slu73f1.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu73f1.tmp\slu73f1.tmp

Found mount point : C:\WINDOWS\Temp\slu75be.tmp\slu75be.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu75be.tmp\slu75be.tmp

Found mount point : C:\WINDOWS\Temp\slu7681.tmp\slu7681.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7681.tmp\slu7681.tmp

Found mount point : C:\WINDOWS\Temp\slu7692.tmp\slu7692.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7692.tmp\slu7692.tmp

Found mount point : C:\WINDOWS\Temp\slu76a.tmp\slu76a.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu76a.tmp\slu76a.tmp

Found mount point : C:\WINDOWS\Temp\slu7778.tmp\slu7778.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7778.tmp\slu7778.tmp

Found mount point : C:\WINDOWS\Temp\slu7867.tmp\slu7867.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7867.tmp\slu7867.tmp

Found mount point : C:\WINDOWS\Temp\slu78b1.tmp\slu78b1.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu78b1.tmp\slu78b1.tmp

Found mount point : C:\WINDOWS\Temp\slu78d1.tmp\slu78d1.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu78d1.tmp\slu78d1.tmp

Found mount point : C:\WINDOWS\Temp\slu793b.tmp\slu793b.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu793b.tmp\slu793b.tmp

Found mount point : C:\WINDOWS\Temp\slu79a2.tmp\slu79a2.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu79a2.tmp\slu79a2.tmp

Found mount point : C:\WINDOWS\Temp\slu7a4.tmp\slu7a4.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7a4.tmp\slu7a4.tmp

Found mount point : C:\WINDOWS\Temp\slu7aa.tmp\slu7aa.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7aa.tmp\slu7aa.tmp

Found mount point : C:\WINDOWS\Temp\slu7acd.tmp\slu7acd.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7acd.tmp\slu7acd.tmp

Found mount point : C:\WINDOWS\Temp\slu7cc3.tmp\slu7cc3.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7cc3.tmp\slu7cc3.tmp

Found mount point : C:\WINDOWS\Temp\slu7cd7.tmp\slu7cd7.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7cd7.tmp\slu7cd7.tmp

Found mount point : C:\WINDOWS\Temp\slu7d5d.tmp\slu7d5d.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7d5d.tmp\slu7d5d.tmp

Found mount point : C:\WINDOWS\Temp\slu7d78.tmp\slu7d78.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7d78.tmp\slu7d78.tmp

Found mount point : C:\WINDOWS\Temp\slu7d9f.tmp\slu7d9f.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7d9f.tmp\slu7d9f.tmp

Found mount point : C:\WINDOWS\Temp\slu7e29.tmp\slu7e29.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7e29.tmp\slu7e29.tmp

Found mount point : C:\WINDOWS\Temp\slu7e33.tmp\slu7e33.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7e33.tmp\slu7e33.tmp

Found mount point : C:\WINDOWS\Temp\slu7e6.tmp\slu7e6.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7e6.tmp\slu7e6.tmp

Found mount point : C:\WINDOWS\Temp\slu7fc2.tmp\slu7fc2.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu7fc2.tmp\slu7fc2.tmp

Found mount point : C:\WINDOWS\Temp\slu846.tmp\slu846.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu846.tmp\slu846.tmp

Found mount point : C:\WINDOWS\Temp\slu874.tmp\slu874.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slu874.tmp\slu874.tmp

Found mount point : C:\WINDOWS\Temp\slua73.tmp\slua73.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slua73.tmp\slua73.tmp

Found mount point : C:\WINDOWS\Temp\sluc66.tmp\sluc66.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\sluc66.tmp\sluc66.tmp

Found mount point : C:\WINDOWS\Temp\sluca1.tmp\sluca1.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\sluca1.tmp\sluca1.tmp

Found mount point : C:\WINDOWS\Temp\slud35.tmp\slud35.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\slud35.tmp\slud35.tmp

Found mount point : C:\WINDOWS\Temp\sluee8.tmp\sluee8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\sluee8.tmp\sluee8.tmp

Found mount point : C:\WINDOWS\Temp\sluf24.tmp\sluf24.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\sluf24.tmp\sluf24.tmp

Found mount point : C:\WINDOWS\Temp\sluf79.tmp\sluf79.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\sluf79.tmp\sluf79.tmp

Found mount point : C:\WINDOWS\Temp\tismsi\aucache\aucache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\tismsi\aucache\aucache

Found mount point : C:\WINDOWS\Temp\tismsi\iaudata\_aucache\_aucache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\tismsi\iaudata\_aucache\_aucache

Found mount point : C:\WINDOWS\Temp\wsst\wsst

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\wsst\wsst

Found mount point : C:\WINDOWS\Temp\_ISTMP1.DIR\_ISTMP1.DIR

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\_ISTMP1.DIR\_ISTMP1.DIR

Found mount point : C:\WINDOWS\TWAIN32\TWAIN32

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\TWAIN32\TWAIN32

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Finished!


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:

     [Screenshots: CF_download_FF.gif, CF_download_rename.gif]

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Guest mimi2425

I tried running combo fix but it keeps telling me that I have Norton running, but I removed it via Add and Remove Programs and did a restart and tried running combo fix again and it's still saying it's running. I also checked to see if it's running in my task manager but it's not running. Should I still run combo fix?


Guest mimi2425

Here is the log

Scanning for infected files . . .

This typically doesn't take more than 10 minutes

However, scan times for badly infected machines may easily double



Guest mimi2425

I cannot navigate to C:\ComboFix. It says the file does not exist when I tried running it from the task manager. I cannot go to Start/Run because my start bar is not there. I did run Combofix from my desktop via task manager and it ran, then did a reboot. I do not know of or see any log file to post.


We need to check for rootkits with RootRepeal

  1. Download RootRepeal from the following location and save it to your desktop.
    • Rar Mirrors - Only if you know what a RAR is and can extract it.
  2. Extract RootRepeal.exe from the archive.
  3. Open the RootRepeal icon [rootRepealDesktopIcon.png] on your desktop.
  4. Click the Report tab [reportTab.png].
  5. Click the Scan button [btnScan.png].
  6. Check all seven boxes: [checkBoxes2.png]
  7. Push Ok
  8. Check the box for your main system drive (Usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the Save Report button [saveReport.png]. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


Guest mimi2425

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/09/20 13:14

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP2

==================================================

Drivers

-------------------


Status: -

Name: raspppoe.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys

Address: 0xF7A39000 Size: 41472 File Visible: - Signed: -

Status: -

Name: raspptp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys

Address: 0xF7A49000 Size: 48384 File Visible: - Signed: -

Status: -

Name: raspti.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys

Address: 0xF7BF1000 Size: 16512 File Visible: - Signed: -

Status: -

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -

Status: -

Name: rdbss.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys

Address: 0xF4ACF000 Size: 174592 File Visible: - Signed: -

Status: -

Name: RDPCDD.sys

Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Address: 0xF7D61000 Size: 4224 File Visible: - Signed: -

Status: -

Name: redbook.sys

Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys

Address: 0xF79E9000 Size: 57472 File Visible: - Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xEF473000 Size: 49152 File Visible: No Signed: -

Status: -

Name: SCSIPORT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS

Address: 0xF7757000 Size: 98304 File Visible: - Signed: -

Status: -

Name: serenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys

Address: 0xF7D19000 Size: 15488 File Visible: - Signed: -

Status: -

Name: serial.sys

Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys

Address: 0xF7A19000 Size: 64896 File Visible: - Signed: -

Status: -

Name: SISAGPX.sys

Image Path: SISAGPX.sys

Address: 0xF7879000 Size: 36992 File Visible: - Signed: -

Status: -

Name: sr.sys

Image Path: sr.sys

Address: 0xF7725000 Size: 73472 File Visible: - Signed: -

Status: -

Name: srv.sys

Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys

Address: 0xEFBED000 Size: 333184 File Visible: - Signed: -

Status: -

Name: srvkp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\srvkp.sys

Address: 0xF7CC9000 Size: 12160 File Visible: - Signed: -

Status: -

Name: swenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys

Address: 0xF7D55000 Size: 4352 File Visible: - Signed: -

Status: -

Name: sysaudio.sys

Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys

Address: 0xEF965000 Size: 60800 File Visible: - Signed: -

Status: -

Name: tcpip.sys

Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys

Address: 0xF4B44000 Size: 360320 File Visible: - Signed: -

Status: -

Name: TDI.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS

Address: 0xF7BE1000 Size: 20480 File Visible: - Signed: -

Status: -

Name: termdd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys

Address: 0xF7A79000 Size: 40704 File Visible: - Signed: -

Status: -

Name: update.sys

Image Path: C:\WINDOWS\system32\DRIVERS\update.sys

Address: 0xF5C1F000 Size: 209408 File Visible: - Signed: -

Status: -

Name: usbccgp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys

Address: 0xF7B01000 Size: 31616 File Visible: - Signed: -

Status: -

Name: USBD.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Address: 0xF7D57000 Size: 8192 File Visible: - Signed: -

Status: -

Name: usbehci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Address: 0xF7BD1000 Size: 26624 File Visible: - Signed: -

Status: -

Name: usbhub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Address: 0xF6FF0000 Size: 57600 File Visible: - Signed: -

Status: -

Name: USBPORT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Address: 0xF6DA5000 Size: 143360 File Visible: - Signed: -

Status: -

Name: USBSTOR.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Address: 0xF7B19000 Size: 26496 File Visible: - Signed: -

Status: -

Name: usbuhci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Address: 0xF7BC9000 Size: 20480 File Visible: - Signed: -

Status: -

Name: vga.sys

Image Path: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xF7C21000 Size: 20992 File Visible: - Signed: -

Status: -

Name: viaagp1.sys

Image Path: viaagp1.sys

Address: 0xF7AB9000 Size: 27904 File Visible: - Signed: -

Status: -

Name: viaide.sys

Image Path: viaide.sys

Address: 0xF7D2D000 Size: 5376 File Visible: - Signed: -

Status: -

Name: VIDEOPRT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS

Address: 0xF6F21000 Size: 81920 File Visible: - Signed: -

Status: -

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xF7849000 Size: 52352 File Visible: - Signed: -

Status: -

Name: vtdisp.dll

Image Path: C:\WINDOWS\System32\vtdisp.dll

Address: 0xBF012000 Size: 3448832 File Visible: - Signed: -

Status: -

Name: vtmini.sys

Image Path: C:\WINDOWS\system32\DRIVERS\vtmini.sys

Address: 0xF6F35000 Size: 172672 File Visible: - Signed: -

Status: -

Name: wanarp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys

Address: 0xF6FA0000 Size: 34560 File Visible: - Signed: -

Status: -

Name: watchdog.sys

Image Path: C:\WINDOWS\System32\watchdog.sys

Address: 0xF7B31000 Size: 20480 File Visible: - Signed: -

Status: -

Name: Wdf01000.sys

Image Path: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

Address: 0xF487B000 Size: 503808 File Visible: - Signed: -

Status: -

Name: WDFLDR.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS

Address: 0xF78E9000 Size: 53248 File Visible: - Signed: -

Status: -

Name: wdmaud.sys

Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys

Address: 0xEF890000 Size: 82944 File Visible: - Signed: -

Status: -

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -

Status: -

Name: win32k.sys

Image Path: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -

Status: -

Name: WMILIB.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS

Address: 0xF7D2B000 Size: 8192 File Visible: - Signed: -

Status: -

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -

Status: -


Guest mimi2425

Here is the combo fix log...

ComboFix 09-09-23.02 - HP_Owner 09/24/2009 17:07.3.1 - NTFSx86

Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\All Users\Start Menu\Programs\Uninstall.lnk

c:\recycler\S-1-5-21-199960019-3932292435-3705872623-1003

c:\recycler\S-1-5-21-3094934009-3710619629-778282832-1009

c:\windows\Config\aveol.bak1

c:\windows\Config\aveol.bak2

c:\windows\Config\aveol.ini

c:\windows\Config\aveol.ini2

c:\windows\Config\aveol.tmp

c:\windows\Fonts\._posto_b.ttf

c:\windows\Fonts\._postoffice.ttf

c:\windows\Installer\15a63d2.msp

c:\windows\Installer\18d029a.msi

c:\windows\Installer\18d02a0.msi

c:\windows\Installer\18d02a7.msi

c:\windows\Installer\18d02af.msi

c:\windows\Installer\18d02b6.msi

c:\windows\Installer\18d02bc.msi

c:\windows\Installer\18d02c3.msi

c:\windows\Installer\18d02cb.msi

c:\windows\Installer\18d02d3.msi

c:\windows\Installer\18d02db.msi

c:\windows\Installer\18d02e3.msi

c:\windows\Installer\18d02ea.msi

c:\windows\Installer\18d02f1.msi

c:\windows\Installer\18d02f9.msi

c:\windows\Installer\18d0301.msi

c:\windows\Installer\18d0309.msi

c:\windows\Installer\18d0311.msi

c:\windows\Installer\18d0319.msi

c:\windows\Installer\18d0321.msi

c:\windows\Installer\18d0329.msi

c:\windows\Installer\18d0331.msi

c:\windows\Installer\18d0339.msi

c:\windows\Installer\18d0341.msi

c:\windows\Installer\18d0348.msi

c:\windows\Installer\18d034e.msi

c:\windows\Installer\18d0355.msi

c:\windows\Installer\18d035d.msi

c:\windows\Installer\18d0363.msi

c:\windows\Installer\18d036a.msi

c:\windows\Installer\1c7d0b8.msi

c:\windows\Installer\6c50f5.msi

c:\windows\Installer\84b76c.msi

c:\windows\Installer\93cee5.msp

c:\windows\system32\bjlpykyl.ini

c:\windows\system32\bjmqjfsx.ini

c:\windows\system32\brengavm.ini

c:\windows\system32\ccehsnmb.ini

c:\windows\system32\coawcwxx.ini

c:\windows\system32\csgwxrkx.ini

c:\windows\system32\ctoptrub.ini

c:\windows\system32\cwxepgrm.ini

c:\windows\system32\decmppyt.ini

c:\windows\system32\dfsrxjgh.ini

c:\windows\system32\dijyyoky.ini

c:\windows\system32\ditecrse.ini

c:\windows\system32\dpqmiupx.ini

c:\windows\system32\drivers\halrthsv.sys

c:\windows\system32\epsqyugp.ini

c:\windows\system32\eumdmyhu.ini

c:\windows\system32\ffkjoduy.ini

c:\windows\system32\fggprvsh.ini

c:\windows\system32\fgixlfkc.ini

c:\windows\system32\ghulviam.ini

c:\windows\system32\ghvsynxp.ini

c:\windows\system32\guahmlel.ini

c:\windows\system32\gwgvusnc.ini

c:\windows\system32\gyyeoinp.ini

c:\windows\system32\hjuyayik.ini

c:\windows\system32\hpcdjehs.ini

c:\windows\system32\hptygtyt.ini

c:\windows\system32\hsukykna.ini

c:\windows\system32\huntiolt.ini

c:\windows\system32\hwwsryjr.ini

c:\windows\system32\iiaeynlx.ini

c:\windows\system32\irtppups.ini

c:\windows\system32\ivvfijne.ini

c:\windows\system32\ixwxjkle.ini

c:\windows\system32\jfuvsqgb.ini

c:\windows\system32\jjtpclqh.ini

c:\windows\system32\jqxwyelk.ini

c:\windows\system32\jtoxsofl.ini

c:\windows\system32\jvaadqfi.ini

c:\windows\system32\jvsrnhsx.ini

c:\windows\system32\kpwytntw.ini

c:\windows\system32\kwccxjkc.ini

c:\windows\system32\kwplomjj.ini

c:\windows\system32\lbpjfcew.ini

c:\windows\system32\lcdauvyt.ini

c:\windows\system32\lcsoqgfj.ini

c:\windows\system32\lmdyqnvh.ini

c:\windows\system32\lpomkurb.ini

c:\windows\system32\lqnpsbll.ini

c:\windows\system32\lttheddd.ini

c:\windows\system32\lykcrqur.ini

c:\windows\system32\mcxjtsxi.ini

c:\windows\system32\mjiqmyjn.ini

c:\windows\system32\mpuuwuyq.ini

c:\windows\system32\msludjct.ini

c:\windows\system32\naymsvpk.ini

c:\windows\system32\neejqbpd.ini

c:\windows\system32\pfpxnqot.ini

c:\windows\system32\pguwasbw.ini

c:\windows\system32\phptjgyn.ini

c:\windows\system32\ps2.bat

c:\windows\system32\qdcrmkjs.ini

c:\windows\system32\qfjeupxs.ini

c:\windows\system32\qjluexjm.ini

c:\windows\system32\rcahtcdl.ini

c:\windows\system32\rchopaxa.ini

c:\windows\system32\romqnmtn.ini

c:\windows\system32\rprklajv.ini

c:\windows\system32\saqfhsai.ini

c:\windows\system32\shjapyqk.ini

c:\windows\system32\sleoiufy.ini

c:\windows\system32\smcwgblr.ini

c:\windows\system32\stswhdxf.ini

c:\windows\system32\tcgcxgws.ini

c:\windows\system32\tkvbgqro.ini

c:\windows\system32\tojkewnb.ini

c:\windows\system32\tqnlbjsm.ini

c:\windows\system32\uagrsepc.ini

c:\windows\system32\udgovaso.ini

c:\windows\system32\uofhxofi.ini

c:\windows\system32\uqnfprao.ini

c:\windows\system32\uxwupfhu.ini

c:\windows\system32\vfatyxnb.ini

c:\windows\system32\vwkjljpr.ini

c:\windows\system32\vwrwxwfx.ini

c:\windows\system32\vxgvyxrp.ini

c:\windows\system32\weuwsjmw.ini

c:\windows\system32\wsilerys.ini

c:\windows\system32\wvambhfu.ini

c:\windows\system32\wvrmdqjw.ini

c:\windows\system32\wxtiiflw.ini

c:\windows\system32\xaekpebw.ini

c:\windows\system32\xllrxjec.ini

c:\windows\system32\yhtcyiye.ini

c:\windows\system32\ytogpaqb.ini

c:\windows\system32\yxgtkglt.ini

c:\windows\viassary-hp.reg

D:\Autorun.inf

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\system32\dllcache\eventlog.dll

--------

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_iptgetut

-------\Service_iptgetut

((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))

.

2009-09-16 01:24 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-09-16 01:24 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-09-13 18:05 . 2001-08-17 18:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll

2009-09-13 18:04 . 2001-08-18 02:36 43008 -c--a-w- c:\windows\system32\dllcache\esucm.dll

2009-09-13 18:03 . 2001-08-17 16:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys

2009-09-13 18:02 . 2001-08-18 02:36 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll

2009-09-13 18:01 . 2001-08-17 17:58 9344 -c--a-w- c:\windows\system32\dllcache\compbatt.sys

2009-09-13 18:00 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2009-09-13 17:59 . 2004-08-04 04:56 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll

2009-09-13 17:58 . 2004-08-04 04:56 3135 -c--a-w- c:\windows\system32\dllcache\adv08nt5.dll

2009-09-13 17:08 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-13 17:08 . 2009-09-13 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-13 17:08 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-13 15:39 . 2009-09-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-09-13 15:39 . 2009-09-13 15:39 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com

2009-09-13 15:20 . 2009-09-13 17:03 -------- d-----w- c:\program files\Design Science

2009-09-12 17:49 . 2009-09-12 17:49 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Tific

2009-09-12 17:49 . 2009-09-12 17:49 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Tific

2009-09-11 22:23 . 2009-09-16 01:28 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Adobe

2009-09-11 17:39 . 2009-09-11 17:39 -------- d-----w- c:\program files\Windows Sidebar

2009-09-11 17:39 . 2009-09-14 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-09-11 17:38 . 2009-09-11 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-18 21:20 . 2009-08-21 17:39 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IMVU

2009-09-14 23:26 . 2007-11-26 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-09-14 23:26 . 2004-08-08 14:56 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-09-14 15:16 . 2004-11-27 00:33 458728 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-13 17:05 . 2004-08-07 21:16 -------- d-----w- c:\program files\Microsoft ActiveSync

2009-09-13 17:02 . 2009-08-13 23:25 -------- d-----w- c:\program files\Astraware

2009-09-11 17:39 . 2007-11-26 03:44 -------- d-----w- c:\program files\Symantec

2009-09-11 17:39 . 2007-11-26 03:45 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2009-09-11 17:39 . 2007-11-26 03:45 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-09-11 17:39 . 2007-11-26 03:45 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-09-11 17:39 . 2007-11-26 03:45 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-09-01 01:50 . 2009-08-09 14:19 -------- d-----w- c:\program files\QuickTime

2009-09-01 01:50 . 2004-08-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-08-30 02:58 . 2009-08-21 17:39 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IMVUClient

2009-08-19 20:19 . 2009-08-19 20:19 -------- d-----w- c:\program files\PocketRAR

2009-08-19 16:07 . 2009-08-19 16:07 -------- d-----w- c:\program files\MSBuild

2009-08-19 16:03 . 2009-08-19 16:03 -------- d-----w- c:\program files\MSXML 6.0

2009-08-14 03:39 . 2009-08-14 03:39 -------- d-----w- c:\program files\Handmark

2009-08-12 22:14 . 2009-02-21 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2009-08-11 05:02 . 2009-08-11 05:02 -------- d-----w- c:\program files\JB Piano

2009-08-09 14:23 . 2004-08-07 21:03 -------- d-----w- c:\program files\Common Files\Real

2009-08-09 14:23 . 2009-08-09 14:23 -------- d-----w- c:\program files\Common Files\xing shared

2009-08-09 14:23 . 2003-03-19 10:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-08-09 14:23 . 2003-02-21 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-08-09 14:18 . 2009-08-09 14:18 -------- d-----w- c:\program files\Apple Software Update

2009-08-09 14:18 . 2009-08-09 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-08-05 09:11 . 2004-08-07 18:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-02 14:38 . 2009-02-21 02:21 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Thinstall

2009-08-02 14:37 . 2004-12-19 07:02 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-01 00:22 . 2009-03-15 02:24 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-08-01 00:21 . 2004-08-07 19:36 -------- d-----w- c:\program files\Java

2009-07-31 19:04 . 2004-08-07 21:15 -------- d-----w- c:\program files\Microsoft.NET

2009-07-30 01:18 . 2009-07-28 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-07-28 21:34 . 2007-04-04 11:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\U3

2009-07-28 18:45 . 2009-07-28 18:45 46128 ----a-w- c:\windows\system32\DLLPRF32.DAT

2009-07-28 17:53 . 2009-07-28 17:53 0 ----a-w- c:\windows\system32\MX_SHARE.DAT

2009-07-28 16:30 . 2009-07-28 16:30 -------- d-----w- c:\program files\Kaspersky Lab

2009-07-28 16:20 . 2009-07-28 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-07-28 02:52 . 2005-09-16 23:44 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer

2009-07-28 02:49 . 2009-07-28 02:49 5632 --sha-w- c:\program files\Thumbs.db

2009-07-28 02:49 . 2007-10-14 12:08 -------- d-----w- c:\program files\Windows Media Connect 2

2009-07-28 02:49 . 2004-11-27 01:18 -------- d-----w- c:\program files\Quicken

2009-07-28 02:49 . 2004-11-27 16:17 -------- d-----w- c:\program files\PhotoDeluxe HE 3.0

2009-07-28 02:49 . 2004-08-07 21:02 -------- d-----w- c:\program files\MSN Encarta Standard

2009-07-28 02:32 . 2004-08-07 21:34 -------- d-----w- c:\program files\Help and Support Additions

2009-07-17 18:55 . 2004-08-07 18:46 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 03:43 . 2004-08-07 18:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-02 00:50 . 2009-07-02 00:50 16 ----a-w- c:\windows\popcinfo.dat

2009-07-01 04:03 . 2009-07-01 04:03 720896 ----a-w- c:\windows\iun6002ev.exe

2009-06-29 16:12 . 2004-08-07 18:47 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2004-08-07 18:46 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2004-08-07 18:46 17408 ----a-w- c:\windows\system32\corpol.dll

2005-06-27 03:11 . 2005-06-27 03:11 1478197 ----a-w- c:\program files\testY.pdd

2005-05-30 20:15 . 2005-05-30 20:15 593466 ----a-w- c:\program files\PhotoDeluxe HE 3.GIF

2005-04-07 21:18 . 2005-04-07 19:48 67584 ----a-w- c:\program files\FinDisc04.XLS

2008-08-28 16:51 . 2008-08-10 03:32 56 --sh--r- c:\windows\system32\0D3DBC9354.sys

2009-03-18 15:40 . 2009-03-18 15:40 88 --sh--r- c:\windows\system32\285F9CC61F.sys

2009-05-04 00:59 . 2008-06-08 19:18 88 --sh--r- c:\windows\system32\5493BC3D0D.sys

.

------- Sigcheck -------

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll

[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\qmgr.dll

[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\bits\qmgr.dll

[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2007-03-29 . 65E23953D337574E549B1EF34FE0B1DA . 409600 . . [6.7.2600.3109] . . c:\windows\$hf_mig$\KB923845\SP2QFE\qmgr.dll

[7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtUninstallKB923845$\qmgr.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe

[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-01 148888]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-09 198160]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]

"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]

"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-29 805392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\Disney\Mix Central

Uninstall Disney Mix-It Plug-in and Skin.lnk - c:\windows\system32\msiexec.exe [2007-11-22 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:*:Disabled:DHCP Discovery Service

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]

R3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2004-04-27 152576]

S2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [2006-11-09 99840]

.

Contents of the 'Scheduled Tasks' folder

2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk

Trusted Zone: imageservr.com\locator.cdn

Trusted Zone: imageservr.com\locator1.cdn

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: Yahoo! Dominoes - hxxp://origin.games.yahoo.net/games/clients/y/dot9_x.cab

FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\du6p7p60.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.startup.homepage - yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\du6p7p60.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe

AddRemove-NVIDIA GART Driver - c:\windows\system32\nvugart.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-24 17:16

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

.

Completion time: 2009-09-24 17:19

ComboFix-quarantined-files.txt 2009-09-24 21:18

Pre-Run: 156,673,634,304 bytes free

Post-Run: 156,729,057,280 bytes free

376 --- E O F --- 2009-09-16 15:01


Guest mimi2425

It's running normally like it always did. I can go on websites and run most programs from the task manager. I just can't run any virus scans and I still can't see my icons and start bar.


  • Staff

Hi,

SpySentinel asked me to take over this topic.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

FCOPY::
c:\windows\$NtUninstallKB923845$\qmgr.dll | c:\windows\system32\qmgr.dll
c:\windows\$NtUninstallKB923845$\qmgr.dll | c:\windows\system32\bits\qmgr.dll
c:\windows\$NtUninstallKB923845$\qmgr.dll | c:\windows\system32\dllcache\qmgr.dll
c:\windows\system32\dllcache\explorer.exe | c:\windows\explorer.exe

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Let me know what issues remain.

-screen317

This topic is now closed to further replies.