Guest mimi2425 Posted September 13, 2009 ID:126148 Share Posted September 13, 2009 About two days ago I got a about 6 pop ups and when I closed out the last one my computer did a restart on its own and when it loaded my desktop icons and task bar were gone now all I`m seeing is my wallpaper. When I press ctrl + esc it does not show up either. I brought up my task manager and tried to run my anti virus and malwarebytes I get an error message saying "Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item." I also tried running both programs in safe mode and the message I get says that I cannot run the program in safe mode. Also when i pulled up task manager I noticed "explorer.exe" was not running and when I tried to run it says that "Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item." I would really appreciate if some help, Thanks. Link to post Share on other sites More sharing options...
SpySentinel Posted September 13, 2009 ID:126154 Share Posted September 13, 2009 Hi mimi2425, Welcome to Malwarebytes Please download Win32kDiag.exe by AD to the desktop. Double click on it. It will make a diagnostic and produce a report on the desktop. Post that report on your next reply: Link to post Share on other sites More sharing options...
Guest mimi2425 Posted September 13, 2009 ID:126179 Share Posted September 13, 2009 Ok I see the log file but I don`t know how to get it to post it in this topic. Its finished and it say press any key to exit and I did and then the window disappears how do I copy it to paste it in in this message Link to post Share on other sites More sharing options...
Guest mimi2425 Posted September 13, 2009 ID:126197 Share Posted September 13, 2009 OK I figured out how to copy it, lol, here is the log below Found mount point : C:\WINDOWS\Temp\slu2e2a.tmp\slu2e2a.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu2ecc.tmp\slu2ecc.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu2eea.tmp\slu2eea.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu2f5b.tmp\slu2f5b.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3061.tmp\slu3061.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3191.tmp\slu3191.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu321b.tmp\slu321b.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu338b.tmp\slu338b.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu33be.tmp\slu33be.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3408.tmp\slu3408.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3529.tmp\slu3529.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu357.tmp\slu357.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu363f.tmp\slu363f.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3686.tmp\slu3686.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3688.tmp\slu3688.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu371f.tmp\slu371f.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu375.tmp\slu375.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu379e.tmp\slu379e.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu384e.tmp\slu384e.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3971.tmp\slu3971.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3974.tmp\slu3974.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3998.tmp\slu3998.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu39d2.tmp\slu39d2.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3b1c.tmp\slu3b1c.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3baf.tmp\slu3baf.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3c2a.tmp\slu3c2a.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3c7.tmp\slu3c7.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3d06.tmp\slu3d06.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3de7.tmp\slu3de7.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3df.tmp\slu3df.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu3e20.tmp\slu3e20.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu412c.tmp\slu412c.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu41a3.tmp\slu41a3.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu43f7.tmp\slu43f7.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu4404.tmp\slu4404.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu4458.tmp\slu4458.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu4494.tmp\slu4494.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu44af.tmp\slu44af.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu4508.tmp\slu4508.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu45e8.tmp\slu45e8.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu46c1.tmp\slu46c1.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu46f0.tmp\slu46f0.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu471e.tmp\slu471e.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu499a.tmp\slu499a.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu4ac8.tmp\slu4ac8.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu4c43.tmp\slu4c43.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu4c7f.tmp\slu4c7f.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu4d9.tmp\slu4d9.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu4d90.tmp\slu4d90.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu4ead.tmp\slu4ead.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu4fb9.tmp\slu4fb9.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu500f.tmp\slu500f.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5024.tmp\slu5024.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu50dc.tmp\slu50dc.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu513f.tmp\slu513f.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5246.tmp\slu5246.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5549.tmp\slu5549.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5556.tmp\slu5556.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu55c2.tmp\slu55c2.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu56eb.tmp\slu56eb.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5915.tmp\slu5915.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5a12.tmp\slu5a12.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5a16.tmp\slu5a16.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5c6.tmp\slu5c6.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5c72.tmp\slu5c72.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5c9c.tmp\slu5c9c.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5caf.tmp\slu5caf.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5d01.tmp\slu5d01.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5d9f.tmp\slu5d9f.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5e53.tmp\slu5e53.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5ef5.tmp\slu5ef5.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu5fa8.tmp\slu5fa8.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu60c6.tmp\slu60c6.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu60d8.tmp\slu60d8.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu60e6.tmp\slu60e6.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu633c.tmp\slu633c.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu637b.tmp\slu637b.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu640c.tmp\slu640c.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu65a7.tmp\slu65a7.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu65b8.tmp\slu65b8.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6639.tmp\slu6639.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu665d.tmp\slu665d.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu669d.tmp\slu669d.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu66d.tmp\slu66d.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu66e0.tmp\slu66e0.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu67c0.tmp\slu67c0.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6815.tmp\slu6815.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu685b.tmp\slu685b.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6915.tmp\slu6915.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6919.tmp\slu6919.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6948.tmp\slu6948.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6a92.tmp\slu6a92.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6b0b.tmp\slu6b0b.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6b1.tmp\slu6b1.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6b52.tmp\slu6b52.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6b7e.tmp\slu6b7e.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6bc1.tmp\slu6bc1.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6cfb.tmp\slu6cfb.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6d40.tmp\slu6d40.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6d5e.tmp\slu6d5e.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6e87.tmp\slu6e87.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6e8f.tmp\slu6e8f.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6edb.tmp\slu6edb.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6ef5.tmp\slu6ef5.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu6fe8.tmp\slu6fe8.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7140.tmp\slu7140.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu72aa.tmp\slu72aa.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7390.tmp\slu7390.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu73c7.tmp\slu73c7.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu73f1.tmp\slu73f1.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu75be.tmp\slu75be.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7681.tmp\slu7681.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7692.tmp\slu7692.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu76a.tmp\slu76a.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7778.tmp\slu7778.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7867.tmp\slu7867.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu78b1.tmp\slu78b1.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu78d1.tmp\slu78d1.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu793b.tmp\slu793b.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu79a2.tmp\slu79a2.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7a4.tmp\slu7a4.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7aa.tmp\slu7aa.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7acd.tmp\slu7acd.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7cc3.tmp\slu7cc3.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7cd7.tmp\slu7cd7.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7d5d.tmp\slu7d5d.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7d78.tmp\slu7d78.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7d9f.tmp\slu7d9f.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7e29.tmp\slu7e29.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7e33.tmp\slu7e33.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7e6.tmp\slu7e6.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu7fc2.tmp\slu7fc2.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu846.tmp\slu846.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slu874.tmp\slu874.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slua73.tmp\slua73.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\sluc66.tmp\sluc66.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\sluca1.tmp\sluca1.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\slud35.tmp\slud35.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\sluee8.tmp\sluee8.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\sluf24.tmp\sluf24.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\sluf79.tmp\sluf79.tmpMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\tismsi\aucache\aucacheMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\tismsi\iaudata\_aucache\_aucacheMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\wsst\wsstMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\Temp\_ISTMP1.DIR\_ISTMP1.DIRMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\TWAIN32\TWAIN32Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTempMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2Mount point destination : \Device\__max++>\^Finished! Press any key to exit... Link to post Share on other sites More sharing options...
SpySentinel Posted September 13, 2009 ID:126198 Share Posted September 13, 2009 Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. "%userprofile%\desktop\win32kdiag.exe" -f -rWhen it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here. Link to post Share on other sites More sharing options...
Guest mimi2425 Posted September 13, 2009 ID:126202 Share Posted September 13, 2009 OK now I can see the task bar and my icons, here is the Win2klogRunning from: C:\Documents and Settings\HP_Owner\desktop\win32kdiag.exeLog file at : C:\Documents and Settings\HP_Owner\Desktop\Win32kDiag.txtRemoving all found mount points.Attempting to reset file permissions.WARNING: Could not get backup privileges!Searching 'C:\WINDOWS'...Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP103.tmp\ZAP103.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP103.tmp\ZAP103.tmpFound mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP197.tmp\ZAP197.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP197.tmp\ZAP197.tmpFound mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7A6.tmp\ZAP7A6.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7A6.tmp\ZAP7A6.tmpFound mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA72.tmp\ZAPA72.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA72.tmp\ZAPA72.tmpFound mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB21.tmp\ZAPB21.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB21.tmp\ZAPB21.tmpFound mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCA9.tmp\ZAPCA9.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCA9.tmp\ZAPCA9.tmpFound mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCCF.tmp\ZAPCCF.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCCF.tmp\ZAPCCF.tmpFound mount point : C:\WINDOWS\assembly\temp\tempMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\assembly\temp\tempFound mount point : C:\WINDOWS\assembly\tmp\tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\assembly\tmp\tmpFound mount point : C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1Found mount point : C:\WINDOWS\Connection Wizard\Connection WizardMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Connection Wizard\Connection WizardFound mount point : C:\WINDOWS\Debug\UserMode\UserModeMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Debug\UserMode\UserModeCannot access: C:\WINDOWS\explorer.exeAttempting to restore permissions of : C:\WINDOWS\explorer.exeFound mount point : C:\WINDOWS\Fonts\STORM (X)\STORM (X)Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Fonts\STORM (X)\STORM (X)Found mount point : C:\WINDOWS\ftpcache\ftpcacheMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\ftpcache\ftpcacheFound mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\CbzMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\CbzFound mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\LibMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\LibFound mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\WaveMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\WaveFound mount point : C:\WINDOWS\ime\chsime\applets\appletsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\ime\chsime\applets\appletsFound mount point : C:\WINDOWS\ime\CHTIME\Applets\AppletsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\AppletsFound mount point : C:\WINDOWS\ime\imejp\applets\appletsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\ime\imejp\applets\appletsFound mount point : C:\WINDOWS\ime\imejp98\imejp98Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\ime\imejp98\imejp98Found mount point : C:\WINDOWS\ime\imjp8_1\applets\appletsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\appletsFound mount point : C:\WINDOWS\ime\imkr6_1\applets\appletsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\appletsFound mount point : C:\WINDOWS\ime\imkr6_1\dicts\dictsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dictsFound mount point : C:\WINDOWS\ime\shared\res\resMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\ime\shared\res\resFound mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729Found mount point : C:\WINDOWS\Internet Logs\Internet LogsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Internet Logs\Internet LogsFound mount point : C:\WINDOWS\java\trustlib\trustlibMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\java\trustlib\trustlibFound mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET FilesMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET FilesFound mount point : C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\Microsoft .NET Framework 3.0Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\Microsoft .NET Framework 3.0Found mount point : C:\WINDOWS\msapps\msinfo\msinfoMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\msapps\msinfo\msinfoFound mount point : C:\WINDOWS\mui\muiMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\mui\muiFound mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLESMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLESFound mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFFMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFFFound mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumpsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumpsFound mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCHMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCHFound mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPointMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPointFound mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFilesMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFilesFound mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUsFound mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFSMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFSFound mount point : C:\WINDOWS\pchealth\helpctr\Temp\TempMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\TempFound mount point : C:\WINDOWS\PIF\PIFMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\PIF\PIFFound mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\WebbuyMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\WebbuyFound mount point : C:\WINDOWS\Registration\CRMLog\CRMLogMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLogFound mount point : C:\WINDOWS\setup.pss\setupupd\temp\tempMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\setup.pss\setupupd\temp\tempFound mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\DownloadedMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\DownloadedFound mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backupMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backupFound mount point : C:\WINDOWS\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\backup\backupMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4264f7fcfd0444cc62e52f55a4263036\backup\backupCannot access: C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exeAttempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\update\update.exeFound mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policyMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\10\policy\policyFound mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msftMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\msft\msftFound mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msftMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\51\policy\msft\msftFound mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msftMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\msft\msftFound mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msftMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\52\policy\msft\msftFound mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msftMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\60\msft\msftFound mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\backup\asms\70\70Found mount point : C:\WINDOWS\Sun\Java\Deployment\DeploymentMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Sun\Java\Deployment\DeploymentFound mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDelMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDelFound mount point : C:\WINDOWS\system32\1025\1025Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\1025\1025Found mount point : C:\WINDOWS\system32\1028\1028Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\1028\1028Found mount point : C:\WINDOWS\system32\1031\1031Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\1031\1031Found mount point : C:\WINDOWS\system32\1037\1037Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\1037\1037Found mount point : C:\WINDOWS\system32\1041\1041Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\1041\1041Found mount point : C:\WINDOWS\system32\1042\1042Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\1042\1042Found mount point : C:\WINDOWS\system32\1054\1054Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\1054\1054Found mount point : C:\WINDOWS\system32\2052\2052Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\2052\2052Found mount point : C:\WINDOWS\system32\3076\3076Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\3076\3076Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmiMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmiFound mount point : C:\WINDOWS\system32\Adobe\update\updateMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\Adobe\update\updateFound mount point : C:\WINDOWS\system32\ar\arMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\ar\arFound mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bakMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bakFound mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer\iTunes\iTunesMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer\iTunes\iTunesFound mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{6401E5A8-BACD-4DE0-82E3-03FA191A22DB}\{6401E5A8-BACD-4DE0-82E3-03FA191A22DB}Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{6401E5A8-BACD-4DE0-82E3-03FA191A22DB}\{6401E5A8-BACD-4DE0-82E3-03FA191A22DB}Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\CredentialsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\CredentialsFound mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media PlayerMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media PlayerFound mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMCMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMCFound mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\CertificatesMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\CertificatesFound mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLsFound mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLsFound mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\MsgMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\MsgFound mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\ErrorLogsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\ErrorLogsFound mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView\SampleViewMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView\SampleViewFound mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cacheMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cacheFound mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\DesktopMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\DesktopFound mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Apple Computer\iTunes\iTunesMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Apple Computer\iTunes\iTunesFound mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Custom ButtonsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Custom ButtonsFound mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD BurningMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD BurningFound mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\CredentialsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\CredentialsFound mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICEMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICEFound mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHoodMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHoodFound mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHoodMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHoodFound mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\systemMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\systemFound mount point : C:\WINDOWS\system32\cz\czMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\cz\czFound mount point : C:\WINDOWS\system32\dhcp\dhcpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\dhcp\dhcpFound mount point : C:\WINDOWS\system32\DirectX\websetup\websetupMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\DirectX\websetup\websetupFound mount point : C:\WINDOWS\system32\dn\dnMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\dn\dnFound mount point : C:\WINDOWS\system32\drivers\disdn\disdnMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdnFound mount point : C:\WINDOWS\system32\du\duMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\du\duCannot access: C:\WINDOWS\system32\dumprep.exeAttempting to restore permissions of : C:\WINDOWS\system32\dumprep.exeFound mount point : C:\WINDOWS\system32\en\enMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\en\enCannot access: C:\WINDOWS\system32\eventlog.dllAttempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll[1] 2004-08-04 15:00:00 55808 C:\WINDOWS\LastGood\system32\dllcache\eventlog.dll (Microsoft Corporation)[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)[1] 2004-08-04 08:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)[1] 2004-08-04 15:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()[2] 2004-08-04 15:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)[2] 2004-08-04 15:00:00 55808 C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP509\A0183106.dll (Microsoft Corporation)Found mount point : C:\WINDOWS\system32\export\exportMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\export\exportFound mount point : C:\WINDOWS\system32\fi\fiMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\fi\fiFound mount point : C:\WINDOWS\system32\fr\frMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\fr\frFound mount point : C:\WINDOWS\system32\FxsTmp\FxsTmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\FxsTmp\FxsTmpFound mount point : C:\WINDOWS\system32\ge\geMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\ge\geFound mount point : C:\WINDOWS\system32\gr\grMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\gr\grFound mount point : C:\WINDOWS\system32\he\heMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\he\heFound mount point : C:\WINDOWS\system32\hu\huMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\hu\huFound mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNTMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNTFound mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNTMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNTFound mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNTMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNTFound mount point : C:\WINDOWS\system32\inetsrv\inetsrvMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\inetsrv\inetsrvFound mount point : C:\WINDOWS\system32\it\itMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\it\itFound mount point : C:\WINDOWS\system32\jp\jpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\jp\jpFound mount point : C:\WINDOWS\system32\ko\koMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\ko\koFound mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDFMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDFFound mount point : C:\WINDOWS\system32\Macromed\update\New\common\commonMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\Macromed\update\New\common\commonFound mount point : C:\WINDOWS\system32\Macromed\update\New\flash\flashMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\Macromed\update\New\flash\flashFound mount point : C:\WINDOWS\system32\Macromed\update\New\Shockwave 10\xtras\xtrasMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\Macromed\update\New\Shockwave 10\xtras\xtrasFound mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeysMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeysFound mount point : C:\WINDOWS\system32\mui\dispspec\dispspecMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspecFound mount point : C:\WINDOWS\system32\no\noMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\no\noFound mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnupMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnupFound mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcustMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcustFound mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemregMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemregFound mount point : C:\WINDOWS\system32\oobe\sample\sampleMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\oobe\sample\sampleFound mount point : C:\WINDOWS\system32\pg\pgMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\pg\pgFound mount point : C:\WINDOWS\system32\po\poMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\po\poFound mount point : C:\WINDOWS\system32\ru\ruMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\ru\ruFound mount point : C:\WINDOWS\system32\sc\scMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\sc\scFound mount point : C:\WINDOWS\system32\ShellExt\ShellExtMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExtFound mount point : C:\WINDOWS\system32\sl\slMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\sl\slFound mount point : C:\WINDOWS\system32\sp\spMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\sp\spFound mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERSMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERSFound mount point : C:\WINDOWS\system32\sw\swMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\sw\swFound mount point : C:\WINDOWS\system32\tc\tcMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\tc\tcFound mount point : C:\WINDOWS\system32\ti\tiMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\ti\tiFound mount point : C:\WINDOWS\system32\tk\tkMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\tk\tkFound mount point : C:\WINDOWS\system32\wbem\mof\bad\badMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\badFound mount point : C:\WINDOWS\system32\wbem\mof\good\goodMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\wbem\mof\good\goodFound mount point : C:\WINDOWS\system32\wbem\snmp\snmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmpCannot access: C:\WINDOWS\system32\wbem\wmiprvse.exeAttempting to restore permissions of : C:\WINDOWS\system32\wbem\wmiprvse.exeFound mount point : C:\WINDOWS\system32\wins\winsMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\wins\winsCannot access: C:\WINDOWS\system32\wuauclt.exeAttempting to restore permissions of : C:\WINDOWS\system32\wuauclt.exeFound mount point : C:\WINDOWS\system32\xircom\xircomMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\system32\xircom\xircomFound mount point : C:\WINDOWS\Temp\2022wrd.~lk\3886wrdata.~lk\3886wrdata.~lkMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\2022wrd.~lk\3886wrdata.~lk\3886wrdata.~lkFound mount point : C:\WINDOWS\Temp\2022wrd.~lk\8839wrdata.~lk\8839wrdata.~lkMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\2022wrd.~lk\8839wrdata.~lk\8839wrdata.~lkFound mount point : C:\WINDOWS\Temp\mdf1581.tmp\mdf1581.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\mdf1581.tmp\mdf1581.tmpFound mount point : C:\WINDOWS\Temp\mdfdf9.tmp\mdfdf9.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\mdfdf9.tmp\mdfdf9.tmpFound mount point : C:\WINDOWS\Temp\slu1127.tmp\slu1127.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1127.tmp\slu1127.tmpFound mount point : C:\WINDOWS\Temp\slu11c3.tmp\slu11c3.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu11c3.tmp\slu11c3.tmpFound mount point : C:\WINDOWS\Temp\slu1238.tmp\slu1238.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1238.tmp\slu1238.tmpFound mount point : C:\WINDOWS\Temp\slu1298.tmp\slu1298.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1298.tmp\slu1298.tmpFound mount point : C:\WINDOWS\Temp\slu12b3.tmp\slu12b3.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu12b3.tmp\slu12b3.tmpFound mount point : C:\WINDOWS\Temp\slu1357.tmp\slu1357.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1357.tmp\slu1357.tmpFound mount point : C:\WINDOWS\Temp\slu1476.tmp\slu1476.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1476.tmp\slu1476.tmpFound mount point : C:\WINDOWS\Temp\slu14d0.tmp\slu14d0.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu14d0.tmp\slu14d0.tmpFound mount point : C:\WINDOWS\Temp\slu14ff.tmp\slu14ff.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu14ff.tmp\slu14ff.tmpFound mount point : C:\WINDOWS\Temp\slu1583.tmp\slu1583.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1583.tmp\slu1583.tmpFound mount point : C:\WINDOWS\Temp\slu159f.tmp\slu159f.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu159f.tmp\slu159f.tmpFound mount point : C:\WINDOWS\Temp\slu16a9.tmp\slu16a9.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu16a9.tmp\slu16a9.tmpFound mount point : C:\WINDOWS\Temp\slu1774.tmp\slu1774.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1774.tmp\slu1774.tmpFound mount point : C:\WINDOWS\Temp\slu1883.tmp\slu1883.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1883.tmp\slu1883.tmpFound mount point : C:\WINDOWS\Temp\slu1914.tmp\slu1914.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1914.tmp\slu1914.tmpFound mount point : C:\WINDOWS\Temp\slu19d1.tmp\slu19d1.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu19d1.tmp\slu19d1.tmpFound mount point : C:\WINDOWS\Temp\slu1a30.tmp\slu1a30.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1a30.tmp\slu1a30.tmpFound mount point : C:\WINDOWS\Temp\slu1b4e.tmp\slu1b4e.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1b4e.tmp\slu1b4e.tmpFound mount point : C:\WINDOWS\Temp\slu1bd6.tmp\slu1bd6.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1bd6.tmp\slu1bd6.tmpFound mount point : C:\WINDOWS\Temp\slu1f9f.tmp\slu1f9f.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu1f9f.tmp\slu1f9f.tmpFound mount point : C:\WINDOWS\Temp\slu20cd.tmp\slu20cd.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu20cd.tmp\slu20cd.tmpFound mount point : C:\WINDOWS\Temp\slu213b.tmp\slu213b.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu213b.tmp\slu213b.tmpFound mount point : C:\WINDOWS\Temp\slu21da.tmp\slu21da.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu21da.tmp\slu21da.tmpFound mount point : C:\WINDOWS\Temp\slu233e.tmp\slu233e.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu233e.tmp\slu233e.tmpFound mount point : C:\WINDOWS\Temp\slu23c6.tmp\slu23c6.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu23c6.tmp\slu23c6.tmpFound mount point : C:\WINDOWS\Temp\slu243a.tmp\slu243a.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu243a.tmp\slu243a.tmpFound mount point : C:\WINDOWS\Temp\slu2553.tmp\slu2553.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2553.tmp\slu2553.tmpFound mount point : C:\WINDOWS\Temp\slu272b.tmp\slu272b.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu272b.tmp\slu272b.tmpFound mount point : C:\WINDOWS\Temp\slu273b.tmp\slu273b.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu273b.tmp\slu273b.tmpFound mount point : C:\WINDOWS\Temp\slu27aa.tmp\slu27aa.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu27aa.tmp\slu27aa.tmpFound mount point : C:\WINDOWS\Temp\slu27ee.tmp\slu27ee.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu27ee.tmp\slu27ee.tmpFound mount point : C:\WINDOWS\Temp\slu287a.tmp\slu287a.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu287a.tmp\slu287a.tmpFound mount point : C:\WINDOWS\Temp\slu287b.tmp\slu287b.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu287b.tmp\slu287b.tmpFound mount point : C:\WINDOWS\Temp\slu2a6f.tmp\slu2a6f.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2a6f.tmp\slu2a6f.tmpFound mount point : C:\WINDOWS\Temp\slu2b10.tmp\slu2b10.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2b10.tmp\slu2b10.tmpFound mount point : C:\WINDOWS\Temp\slu2b66.tmp\slu2b66.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2b66.tmp\slu2b66.tmpFound mount point : C:\WINDOWS\Temp\slu2bb7.tmp\slu2bb7.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2bb7.tmp\slu2bb7.tmpFound mount point : C:\WINDOWS\Temp\slu2c50.tmp\slu2c50.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2c50.tmp\slu2c50.tmpFound mount point : C:\WINDOWS\Temp\slu2c74.tmp\slu2c74.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2c74.tmp\slu2c74.tmpFound mount point : C:\WINDOWS\Temp\slu2c76.tmp\slu2c76.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2c76.tmp\slu2c76.tmpFound mount point : C:\WINDOWS\Temp\slu2c88.tmp\slu2c88.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2c88.tmp\slu2c88.tmpFound mount point : C:\WINDOWS\Temp\slu2de.tmp\slu2de.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2de.tmp\slu2de.tmpFound mount point : C:\WINDOWS\Temp\slu2e08.tmp\slu2e08.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2e08.tmp\slu2e08.tmpFound mount point : C:\WINDOWS\Temp\slu2e2a.tmp\slu2e2a.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2e2a.tmp\slu2e2a.tmpFound mount point : C:\WINDOWS\Temp\slu2ecc.tmp\slu2ecc.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2ecc.tmp\slu2ecc.tmpFound mount point : C:\WINDOWS\Temp\slu2eea.tmp\slu2eea.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2eea.tmp\slu2eea.tmpFound mount point : C:\WINDOWS\Temp\slu2f5b.tmp\slu2f5b.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu2f5b.tmp\slu2f5b.tmpFound mount point : C:\WINDOWS\Temp\slu3061.tmp\slu3061.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3061.tmp\slu3061.tmpFound mount point : C:\WINDOWS\Temp\slu3191.tmp\slu3191.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3191.tmp\slu3191.tmpFound mount point : C:\WINDOWS\Temp\slu321b.tmp\slu321b.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu321b.tmp\slu321b.tmpFound mount point : C:\WINDOWS\Temp\slu338b.tmp\slu338b.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu338b.tmp\slu338b.tmpFound mount point : C:\WINDOWS\Temp\slu33be.tmp\slu33be.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu33be.tmp\slu33be.tmpFound mount point : C:\WINDOWS\Temp\slu3408.tmp\slu3408.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3408.tmp\slu3408.tmpFound mount point : C:\WINDOWS\Temp\slu3529.tmp\slu3529.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3529.tmp\slu3529.tmpFound mount point : C:\WINDOWS\Temp\slu357.tmp\slu357.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu357.tmp\slu357.tmpFound mount point : C:\WINDOWS\Temp\slu363f.tmp\slu363f.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu363f.tmp\slu363f.tmpFound mount point : C:\WINDOWS\Temp\slu3686.tmp\slu3686.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3686.tmp\slu3686.tmpFound mount point : C:\WINDOWS\Temp\slu3688.tmp\slu3688.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3688.tmp\slu3688.tmpFound mount point : C:\WINDOWS\Temp\slu371f.tmp\slu371f.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu371f.tmp\slu371f.tmpFound mount point : C:\WINDOWS\Temp\slu375.tmp\slu375.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu375.tmp\slu375.tmpFound mount point : C:\WINDOWS\Temp\slu379e.tmp\slu379e.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu379e.tmp\slu379e.tmpFound mount point : C:\WINDOWS\Temp\slu384e.tmp\slu384e.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu384e.tmp\slu384e.tmpFound mount point : C:\WINDOWS\Temp\slu3971.tmp\slu3971.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3971.tmp\slu3971.tmpFound mount point : C:\WINDOWS\Temp\slu3974.tmp\slu3974.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3974.tmp\slu3974.tmpFound mount point : C:\WINDOWS\Temp\slu3998.tmp\slu3998.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3998.tmp\slu3998.tmpFound mount point : C:\WINDOWS\Temp\slu39d2.tmp\slu39d2.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu39d2.tmp\slu39d2.tmpFound mount point : C:\WINDOWS\Temp\slu3b1c.tmp\slu3b1c.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3b1c.tmp\slu3b1c.tmpFound mount point : C:\WINDOWS\Temp\slu3baf.tmp\slu3baf.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3baf.tmp\slu3baf.tmpFound mount point : C:\WINDOWS\Temp\slu3c2a.tmp\slu3c2a.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3c2a.tmp\slu3c2a.tmpFound mount point : C:\WINDOWS\Temp\slu3c7.tmp\slu3c7.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3c7.tmp\slu3c7.tmpFound mount point : C:\WINDOWS\Temp\slu3d06.tmp\slu3d06.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3d06.tmp\slu3d06.tmpFound mount point : C:\WINDOWS\Temp\slu3de7.tmp\slu3de7.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3de7.tmp\slu3de7.tmpFound mount point : C:\WINDOWS\Temp\slu3df.tmp\slu3df.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3df.tmp\slu3df.tmpFound mount point : C:\WINDOWS\Temp\slu3e20.tmp\slu3e20.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu3e20.tmp\slu3e20.tmpFound mount point : C:\WINDOWS\Temp\slu412c.tmp\slu412c.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu412c.tmp\slu412c.tmpFound mount point : C:\WINDOWS\Temp\slu41a3.tmp\slu41a3.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu41a3.tmp\slu41a3.tmpFound mount point : C:\WINDOWS\Temp\slu43f7.tmp\slu43f7.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu43f7.tmp\slu43f7.tmpFound mount point : C:\WINDOWS\Temp\slu4404.tmp\slu4404.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu4404.tmp\slu4404.tmpFound mount point : C:\WINDOWS\Temp\slu4458.tmp\slu4458.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu4458.tmp\slu4458.tmpFound mount point : C:\WINDOWS\Temp\slu4494.tmp\slu4494.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu4494.tmp\slu4494.tmpFound mount point : C:\WINDOWS\Temp\slu44af.tmp\slu44af.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu44af.tmp\slu44af.tmpFound mount point : C:\WINDOWS\Temp\slu4508.tmp\slu4508.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu4508.tmp\slu4508.tmpFound mount point : C:\WINDOWS\Temp\slu45e8.tmp\slu45e8.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu45e8.tmp\slu45e8.tmpFound mount point : C:\WINDOWS\Temp\slu46c1.tmp\slu46c1.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu46c1.tmp\slu46c1.tmpFound mount point : C:\WINDOWS\Temp\slu46f0.tmp\slu46f0.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu46f0.tmp\slu46f0.tmpFound mount point : C:\WINDOWS\Temp\slu471e.tmp\slu471e.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu471e.tmp\slu471e.tmpFound mount point : C:\WINDOWS\Temp\slu499a.tmp\slu499a.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu499a.tmp\slu499a.tmpFound mount point : C:\WINDOWS\Temp\slu4ac8.tmp\slu4ac8.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu4ac8.tmp\slu4ac8.tmpFound mount point : C:\WINDOWS\Temp\slu4c43.tmp\slu4c43.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu4c43.tmp\slu4c43.tmpFound mount point : C:\WINDOWS\Temp\slu4c7f.tmp\slu4c7f.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu4c7f.tmp\slu4c7f.tmpFound mount point : C:\WINDOWS\Temp\slu4d9.tmp\slu4d9.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu4d9.tmp\slu4d9.tmpFound mount point : C:\WINDOWS\Temp\slu4d90.tmp\slu4d90.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu4d90.tmp\slu4d90.tmpFound mount point : C:\WINDOWS\Temp\slu4ead.tmp\slu4ead.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu4ead.tmp\slu4ead.tmpFound mount point : C:\WINDOWS\Temp\slu4fb9.tmp\slu4fb9.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu4fb9.tmp\slu4fb9.tmpFound mount point : C:\WINDOWS\Temp\slu500f.tmp\slu500f.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu500f.tmp\slu500f.tmpFound mount point : C:\WINDOWS\Temp\slu5024.tmp\slu5024.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5024.tmp\slu5024.tmpFound mount point : C:\WINDOWS\Temp\slu50dc.tmp\slu50dc.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu50dc.tmp\slu50dc.tmpFound mount point : C:\WINDOWS\Temp\slu513f.tmp\slu513f.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu513f.tmp\slu513f.tmpFound mount point : C:\WINDOWS\Temp\slu5246.tmp\slu5246.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5246.tmp\slu5246.tmpFound mount point : C:\WINDOWS\Temp\slu5549.tmp\slu5549.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5549.tmp\slu5549.tmpFound mount point : C:\WINDOWS\Temp\slu5556.tmp\slu5556.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5556.tmp\slu5556.tmpFound mount point : C:\WINDOWS\Temp\slu55c2.tmp\slu55c2.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu55c2.tmp\slu55c2.tmpFound mount point : C:\WINDOWS\Temp\slu56eb.tmp\slu56eb.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu56eb.tmp\slu56eb.tmpFound mount point : C:\WINDOWS\Temp\slu5915.tmp\slu5915.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5915.tmp\slu5915.tmpFound mount point : C:\WINDOWS\Temp\slu5a12.tmp\slu5a12.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5a12.tmp\slu5a12.tmpFound mount point : C:\WINDOWS\Temp\slu5a16.tmp\slu5a16.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5a16.tmp\slu5a16.tmpFound mount point : C:\WINDOWS\Temp\slu5c6.tmp\slu5c6.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5c6.tmp\slu5c6.tmpFound mount point : C:\WINDOWS\Temp\slu5c72.tmp\slu5c72.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5c72.tmp\slu5c72.tmpFound mount point : C:\WINDOWS\Temp\slu5c9c.tmp\slu5c9c.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5c9c.tmp\slu5c9c.tmpFound mount point : C:\WINDOWS\Temp\slu5caf.tmp\slu5caf.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5caf.tmp\slu5caf.tmpFound mount point : C:\WINDOWS\Temp\slu5d01.tmp\slu5d01.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5d01.tmp\slu5d01.tmpFound mount point : C:\WINDOWS\Temp\slu5d9f.tmp\slu5d9f.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5d9f.tmp\slu5d9f.tmpFound mount point : C:\WINDOWS\Temp\slu5e53.tmp\slu5e53.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5e53.tmp\slu5e53.tmpFound mount point : C:\WINDOWS\Temp\slu5ef5.tmp\slu5ef5.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5ef5.tmp\slu5ef5.tmpFound mount point : C:\WINDOWS\Temp\slu5fa8.tmp\slu5fa8.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu5fa8.tmp\slu5fa8.tmpFound mount point : C:\WINDOWS\Temp\slu60c6.tmp\slu60c6.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu60c6.tmp\slu60c6.tmpFound mount point : C:\WINDOWS\Temp\slu60d8.tmp\slu60d8.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu60d8.tmp\slu60d8.tmpFound mount point : C:\WINDOWS\Temp\slu60e6.tmp\slu60e6.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu60e6.tmp\slu60e6.tmpFound mount point : C:\WINDOWS\Temp\slu633c.tmp\slu633c.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu633c.tmp\slu633c.tmpFound mount point : C:\WINDOWS\Temp\slu637b.tmp\slu637b.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu637b.tmp\slu637b.tmpFound mount point : C:\WINDOWS\Temp\slu640c.tmp\slu640c.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu640c.tmp\slu640c.tmpFound mount point : C:\WINDOWS\Temp\slu65a7.tmp\slu65a7.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu65a7.tmp\slu65a7.tmpFound mount point : C:\WINDOWS\Temp\slu65b8.tmp\slu65b8.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu65b8.tmp\slu65b8.tmpFound mount point : C:\WINDOWS\Temp\slu6639.tmp\slu6639.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6639.tmp\slu6639.tmpFound mount point : C:\WINDOWS\Temp\slu665d.tmp\slu665d.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu665d.tmp\slu665d.tmpFound mount point : C:\WINDOWS\Temp\slu669d.tmp\slu669d.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu669d.tmp\slu669d.tmpFound mount point : C:\WINDOWS\Temp\slu66d.tmp\slu66d.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu66d.tmp\slu66d.tmpFound mount point : C:\WINDOWS\Temp\slu66e0.tmp\slu66e0.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu66e0.tmp\slu66e0.tmpFound mount point : C:\WINDOWS\Temp\slu67c0.tmp\slu67c0.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu67c0.tmp\slu67c0.tmpFound mount point : C:\WINDOWS\Temp\slu6815.tmp\slu6815.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6815.tmp\slu6815.tmpFound mount point : C:\WINDOWS\Temp\slu685b.tmp\slu685b.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu685b.tmp\slu685b.tmpFound mount point : C:\WINDOWS\Temp\slu6915.tmp\slu6915.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6915.tmp\slu6915.tmpFound mount point : C:\WINDOWS\Temp\slu6919.tmp\slu6919.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6919.tmp\slu6919.tmpFound mount point : C:\WINDOWS\Temp\slu6948.tmp\slu6948.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6948.tmp\slu6948.tmpFound mount point : C:\WINDOWS\Temp\slu6a92.tmp\slu6a92.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6a92.tmp\slu6a92.tmpFound mount point : C:\WINDOWS\Temp\slu6b0b.tmp\slu6b0b.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6b0b.tmp\slu6b0b.tmpFound mount point : C:\WINDOWS\Temp\slu6b1.tmp\slu6b1.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6b1.tmp\slu6b1.tmpFound mount point : C:\WINDOWS\Temp\slu6b52.tmp\slu6b52.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6b52.tmp\slu6b52.tmpFound mount point : C:\WINDOWS\Temp\slu6b7e.tmp\slu6b7e.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6b7e.tmp\slu6b7e.tmpFound mount point : C:\WINDOWS\Temp\slu6bc1.tmp\slu6bc1.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6bc1.tmp\slu6bc1.tmpFound mount point : C:\WINDOWS\Temp\slu6cfb.tmp\slu6cfb.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6cfb.tmp\slu6cfb.tmpFound mount point : C:\WINDOWS\Temp\slu6d40.tmp\slu6d40.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6d40.tmp\slu6d40.tmpFound mount point : C:\WINDOWS\Temp\slu6d5e.tmp\slu6d5e.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6d5e.tmp\slu6d5e.tmpFound mount point : C:\WINDOWS\Temp\slu6e87.tmp\slu6e87.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6e87.tmp\slu6e87.tmpFound mount point : C:\WINDOWS\Temp\slu6e8f.tmp\slu6e8f.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6e8f.tmp\slu6e8f.tmpFound mount point : C:\WINDOWS\Temp\slu6edb.tmp\slu6edb.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6edb.tmp\slu6edb.tmpFound mount point : C:\WINDOWS\Temp\slu6ef5.tmp\slu6ef5.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6ef5.tmp\slu6ef5.tmpFound mount point : C:\WINDOWS\Temp\slu6fe8.tmp\slu6fe8.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu6fe8.tmp\slu6fe8.tmpFound mount point : C:\WINDOWS\Temp\slu7140.tmp\slu7140.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7140.tmp\slu7140.tmpFound mount point : C:\WINDOWS\Temp\slu72aa.tmp\slu72aa.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu72aa.tmp\slu72aa.tmpFound mount point : C:\WINDOWS\Temp\slu7390.tmp\slu7390.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7390.tmp\slu7390.tmpFound mount point : C:\WINDOWS\Temp\slu73c7.tmp\slu73c7.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu73c7.tmp\slu73c7.tmpFound mount point : C:\WINDOWS\Temp\slu73f1.tmp\slu73f1.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu73f1.tmp\slu73f1.tmpFound mount point : C:\WINDOWS\Temp\slu75be.tmp\slu75be.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu75be.tmp\slu75be.tmpFound mount point : C:\WINDOWS\Temp\slu7681.tmp\slu7681.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7681.tmp\slu7681.tmpFound mount point : C:\WINDOWS\Temp\slu7692.tmp\slu7692.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7692.tmp\slu7692.tmpFound mount point : C:\WINDOWS\Temp\slu76a.tmp\slu76a.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu76a.tmp\slu76a.tmpFound mount point : C:\WINDOWS\Temp\slu7778.tmp\slu7778.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7778.tmp\slu7778.tmpFound mount point : C:\WINDOWS\Temp\slu7867.tmp\slu7867.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7867.tmp\slu7867.tmpFound mount point : C:\WINDOWS\Temp\slu78b1.tmp\slu78b1.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu78b1.tmp\slu78b1.tmpFound mount point : C:\WINDOWS\Temp\slu78d1.tmp\slu78d1.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu78d1.tmp\slu78d1.tmpFound mount point : C:\WINDOWS\Temp\slu793b.tmp\slu793b.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu793b.tmp\slu793b.tmpFound mount point : C:\WINDOWS\Temp\slu79a2.tmp\slu79a2.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu79a2.tmp\slu79a2.tmpFound mount point : C:\WINDOWS\Temp\slu7a4.tmp\slu7a4.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7a4.tmp\slu7a4.tmpFound mount point : C:\WINDOWS\Temp\slu7aa.tmp\slu7aa.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7aa.tmp\slu7aa.tmpFound mount point : C:\WINDOWS\Temp\slu7acd.tmp\slu7acd.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7acd.tmp\slu7acd.tmpFound mount point : C:\WINDOWS\Temp\slu7cc3.tmp\slu7cc3.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7cc3.tmp\slu7cc3.tmpFound mount point : C:\WINDOWS\Temp\slu7cd7.tmp\slu7cd7.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7cd7.tmp\slu7cd7.tmpFound mount point : C:\WINDOWS\Temp\slu7d5d.tmp\slu7d5d.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7d5d.tmp\slu7d5d.tmpFound mount point : C:\WINDOWS\Temp\slu7d78.tmp\slu7d78.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7d78.tmp\slu7d78.tmpFound mount point : C:\WINDOWS\Temp\slu7d9f.tmp\slu7d9f.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7d9f.tmp\slu7d9f.tmpFound mount point : C:\WINDOWS\Temp\slu7e29.tmp\slu7e29.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7e29.tmp\slu7e29.tmpFound mount point : C:\WINDOWS\Temp\slu7e33.tmp\slu7e33.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7e33.tmp\slu7e33.tmpFound mount point : C:\WINDOWS\Temp\slu7e6.tmp\slu7e6.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7e6.tmp\slu7e6.tmpFound mount point : C:\WINDOWS\Temp\slu7fc2.tmp\slu7fc2.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu7fc2.tmp\slu7fc2.tmpFound mount point : C:\WINDOWS\Temp\slu846.tmp\slu846.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu846.tmp\slu846.tmpFound mount point : C:\WINDOWS\Temp\slu874.tmp\slu874.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slu874.tmp\slu874.tmpFound mount point : C:\WINDOWS\Temp\slua73.tmp\slua73.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slua73.tmp\slua73.tmpFound mount point : C:\WINDOWS\Temp\sluc66.tmp\sluc66.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\sluc66.tmp\sluc66.tmpFound mount point : C:\WINDOWS\Temp\sluca1.tmp\sluca1.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\sluca1.tmp\sluca1.tmpFound mount point : C:\WINDOWS\Temp\slud35.tmp\slud35.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\slud35.tmp\slud35.tmpFound mount point : C:\WINDOWS\Temp\sluee8.tmp\sluee8.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\sluee8.tmp\sluee8.tmpFound mount point : C:\WINDOWS\Temp\sluf24.tmp\sluf24.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\sluf24.tmp\sluf24.tmpFound mount point : C:\WINDOWS\Temp\sluf79.tmp\sluf79.tmpMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\sluf79.tmp\sluf79.tmpFound mount point : C:\WINDOWS\Temp\tismsi\aucache\aucacheMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\tismsi\aucache\aucacheFound mount point : C:\WINDOWS\Temp\tismsi\iaudata\_aucache\_aucacheMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\tismsi\iaudata\_aucache\_aucacheFound mount point : C:\WINDOWS\Temp\wsst\wsstMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\wsst\wsstFound mount point : C:\WINDOWS\Temp\_ISTMP1.DIR\_ISTMP1.DIRMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\Temp\_ISTMP1.DIR\_ISTMP1.DIRFound mount point : C:\WINDOWS\TWAIN32\TWAIN32Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\TWAIN32\TWAIN32Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTempMount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTempFound mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2Mount point destination : \Device\__max++>\^Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2Finished! Link to post Share on other sites More sharing options...
Guest mimi2425 Posted September 14, 2009 ID:126390 Share Posted September 14, 2009 OMg my icons and task bar are gone again! Link to post Share on other sites More sharing options...
SpySentinel Posted September 14, 2009 ID:126839 Share Posted September 14, 2009 Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tabSet to "Always ask me where to Save the files".[*]During the download, rename Combofix to Combo-Fix as follows:[*]It is important you rename Combofix during the download, but not after.[*]Please do not rename Combofix to other names, but only to the one indicated.[*]Close any open browsers.[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.-----------------------------------------------------------Close any open browsers.WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------[*]Double click on combo-Fix.exe & follow the prompts.[*]When finished, it will produce a report for you. [*]Please post the "C:\Combo-Fix.txt" for further review.**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall** Link to post Share on other sites More sharing options...
Guest mimi2425 Posted September 14, 2009 ID:126972 Share Posted September 14, 2009 I tried running combo fix but it keeps telling me that I have Norton running but i removed it via add and remove programs and did a restart and tried running combo fix again and its still saying its running , I also checked to see if its running in my task manager but its not running. should i still run combo fix? Link to post Share on other sites More sharing options...
SpySentinel Posted September 15, 2009 ID:127113 Share Posted September 15, 2009 Yes continue to run ComboFix Link to post Share on other sites More sharing options...
Guest mimi2425 Posted September 16, 2009 ID:127702 Share Posted September 16, 2009 Here is the logScanning for infected files . . .This typically doesn't take more than 10 minutesHowever, scan times for badly infected machines may easily doubleCompleted Stage_1Completed Stage_2Completed Stage_3Completed Stage_4Completed Stage_5Completed Stage_6Completed Stage_6ACompleted Stage_7Completed Stage_8Completed Stage_9Completed Stage_10Completed Stage_11Completed Stage_12Completed Stage_13Completed Stage_14Completed Stage_15Completed Stage_16Completed Stage_17Completed Stage_18Completed Stage_19Completed Stage_19BCompleted Stage_20Completed Stage_21Completed Stage_22Completed Stage_23Completed Stage_24Completed Stage_25Completed Stage_26Completed Stage_27Completed Stage_28Completed Stage_29Completed Stage_30Completed Stage_31Completed Stage_32Completed Stage_32ACompleted Stage_33Completed Stage_34Completed Stage_35Completed Stage_36Completed Stage_37Completed Stage_38Completed Stage_39Completed Stage_40Completed Stage_41Completed Stage_42Completed Stage_43Completed Stage_44Completed Stage_45Completed Stage_46Completed Stage_47Completed Stage_48Completed Stage_49Completed Stage_50 Link to post Share on other sites More sharing options...
SpySentinel Posted September 16, 2009 ID:127734 Share Posted September 16, 2009 If you navigate to C:\ComboFix there should be a complete log. Please post that here. Link to post Share on other sites More sharing options...
Guest mimi2425 Posted September 16, 2009 ID:127881 Share Posted September 16, 2009 I cannot navigate to C:\ComboFix. Its says the file does not exist when i tried running it from the task manager. I cannot go to start/run because my start bar is not there. I did run Combofix from my desktop via task manager and it ran then did a reboot. I do not know or see any log file to post. Link to post Share on other sites More sharing options...
SpySentinel Posted September 18, 2009 ID:128834 Share Posted September 18, 2009 We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Zip Mirrors (Recommended)Primary MirrorSecondary MirrorSecondary Mirror[*]Rar Mirrors - Only if you know what a RAR is and can extract it. Primary MirrorSecondary MirrorSecondary Mirror[*]Extract RootRepeal.exe from the archive.[*]Open on your desktop.[*]Click the tab.[*]Click the button.[*]Check all seven boxes: [*]Push Ok[*]Check the box for your main system drive (Usually C:), and press Ok.[*]Allow RootRepeal to run a scan of your system. This may take some time.[*]Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please. Link to post Share on other sites More sharing options...
Guest mimi2425 Posted September 20, 2009 ID:130100 Share Posted September 20, 2009 ROOTREPEAL © AD, 2007-2009==================================================Scan Start Time: 2009/09/20 13:14Program Version: Version 1.3.5.0Windows Version: Windows XP SP2==================================================Drivers-------------------Name: 1394BUS.SYSImage Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYSAddress: 0xF7899000 Size: 53248 File Visible: - Signed: -Status: -Name: ACEDRV06.sysImage Path: C:\WINDOWS\system32\drivers\ACEDRV06.sysAddress: 0xEFEC3000 Size: 393216 File Visible: - Signed: -Status: -Name: ACPI.sysImage Path: ACPI.sysAddress: 0xF77DA000 Size: 187776 File Visible: - Signed: -Status: -Name: ACPI_HALImage Path: \Driver\ACPI_HALAddress: 0x804D7000 Size: 2180480 File Visible: - Signed: -Status: -Name: afd.sysImage Path: C:\WINDOWS\System32\drivers\afd.sysAddress: 0xF4AFA000 Size: 138368 File Visible: - Signed: -Status: -Name: AGRSM.sysImage Path: C:\WINDOWS\system32\DRIVERS\AGRSM.sysAddress: 0xF6DEB000 Size: 1268128 File Visible: - Signed: -Status: -Name: ALCXWDM.SYSImage Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYSAddress: 0xF6B78000 Size: 2279424 File Visible: - Signed: -Status: -Name: amdk7.sysImage Path: C:\WINDOWS\system32\DRIVERS\amdk7.sysAddress: 0xF79B9000 Size: 37376 File Visible: - Signed: -Status: -Name: arp1394.sysImage Path: C:\WINDOWS\system32\DRIVERS\arp1394.sysAddress: 0xF6F90000 Size: 60800 File Visible: - Signed: -Status: -Name: atapi.sysImage Path: atapi.sysAddress: 0xF7792000 Size: 95360 File Visible: - Signed: -Status: -Name: ATMFD.DLLImage Path: C:\WINDOWS\System32\ATMFD.DLLAddress: 0xBFFA0000 Size: 286720 File Visible: - Signed: -Status: -Name: audstub.sysImage Path: C:\WINDOWS\system32\DRIVERS\audstub.sysAddress: 0xF7E45000 Size: 3072 File Visible: - Signed: -Status: -Name: Beep.SYSImage Path: C:\WINDOWS\System32\Drivers\Beep.SYSAddress: 0xF7D5D000 Size: 4224 File Visible: - Signed: -Status: -Name: BOOTVID.dllImage Path: C:\WINDOWS\system32\BOOTVID.dllAddress: 0xF7C39000 Size: 12288 File Visible: - Signed: -Status: -Name: cdrom.sysImage Path: C:\WINDOWS\system32\DRIVERS\cdrom.sysAddress: 0xF79D9000 Size: 49536 File Visible: - Signed: -Status: -Name: CLASSPNP.SYSImage Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYSAddress: 0xF7869000 Size: 53248 File Visible: - Signed: -Status: -Name: disk.sysImage Path: disk.sysAddress: 0xF7859000 Size: 36352 File Visible: - Signed: -Status: -Name: drmk.sysImage Path: C:\WINDOWS\system32\drivers\drmk.sysAddress: 0xF79F9000 Size: 61440 File Visible: - Signed: -Status: -Name: dump_atapi.sysImage Path: C:\WINDOWS\System32\Drivers\dump_atapi.sysAddress: 0xF4863000 Size: 98304 File Visible: No Signed: -Status: -Name: dump_WMILIB.SYSImage Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYSAddress: 0xF7D8B000 Size: 8192 File Visible: No Signed: -Status: -Name: Dxapi.sysImage Path: C:\WINDOWS\System32\drivers\Dxapi.sysAddress: 0xF7CB9000 Size: 12288 File Visible: - Signed: -Status: -Name: dxg.sysImage Path: C:\WINDOWS\System32\drivers\dxg.sysAddress: 0xBF000000 Size: 73728 File Visible: - Signed: -Status: -Name: dxgthk.sysImage Path: C:\WINDOWS\System32\drivers\dxgthk.sysAddress: 0xF7E17000 Size: 4096 File Visible: - Signed: -Status: -Name: eeCtrl.sysImage Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sysAddress: 0xF49E1000 Size: 385024 File Visible: - Signed: -Status: -Name: Fastfat.SYSImage Path: C:\WINDOWS\System32\Drivers\Fastfat.SYSAddress: 0xF48F6000 Size: 143360 File Visible: - Signed: -Status: -Name: fasttx2k.sysImage Path: fasttx2k.sysAddress: 0xF776F000 Size: 142336 File Visible: - Signed: -Status: -Name: fdc.sysImage Path: C:\WINDOWS\system32\DRIVERS\fdc.sysAddress: 0xF7BD9000 Size: 27392 File Visible: - Signed: -Status: -Name: fetnd5bv.sysImage Path: C:\WINDOWS\system32\DRIVERS\fetnd5bv.sysAddress: 0xF7A09000 Size: 42496 File Visible: - Signed: -Status: -Name: Fips.SYSImage Path: C:\WINDOWS\System32\Drivers\Fips.SYSAddress: 0xF6FB0000 Size: 34944 File Visible: - Signed: -Status: -Name: flpydisk.sysImage Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sysAddress: 0xF7C09000 Size: 20480 File Visible: - Signed: -Status: -Name: fltMgr.sysImage Path: fltMgr.sysAddress: 0xF7737000 Size: 128896 File Visible: - Signed: -Status: -Name: Fs_Rec.SYSImage Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYSAddress: 0xF7D5B000 Size: 7936 File Visible: - Signed: -Status: -Name: ftdisk.sysImage Path: ftdisk.sysAddress: 0xF77AA000 Size: 125056 File Visible: - Signed: -Status: -Name: hal.dllImage Path: C:\WINDOWS\system32\hal.dllAddress: 0x806EC000 Size: 131968 File Visible: - Signed: -Status: -Name: HIDCLASS.SYSImage Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYSAddress: 0xF6F60000 Size: 36864 File Visible: - Signed: -Status: -Name: HIDPARSE.SYSImage Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYSAddress: 0xF7C19000 Size: 28672 File Visible: - Signed: -Status: -Name: hidusb.sysImage Path: C:\WINDOWS\system32\DRIVERS\hidusb.sysAddress: 0xF4C17000 Size: 9600 File Visible: - Signed: -Status: -Name: imapi.sysImage Path: C:\WINDOWS\system32\DRIVERS\imapi.sysAddress: 0xF79C9000 Size: 41856 File Visible: - Signed: -Status: -Name: ipfltdrv.sysImage Path: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sysAddress: 0xF7A69000 Size: 32896 File Visible: - Signed: -Status: -Name: ipnat.sysImage Path: C:\WINDOWS\system32\DRIVERS\ipnat.sysAddress: 0xF4A3F000 Size: 134912 File Visible: - Signed: -Status: -Name: ipsec.sysImage Path: C:\WINDOWS\system32\DRIVERS\ipsec.sysAddress: 0xF4B9C000 Size: 74752 File Visible: - Signed: -Status: -Name: isapnp.sysImage Path: isapnp.sysAddress: 0xF7829000 Size: 35840 File Visible: - Signed: -Status: -Name: kbdclass.sysImage Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sysAddress: 0xF7BF9000 Size: 24576 File Visible: - Signed: -Status: -Name: kbdhid.sysImage Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sysAddress: 0xF4C13000 Size: 14848 File Visible: - Signed: -Status: -Name: KDCOM.DLLImage Path: C:\WINDOWS\system32\KDCOM.DLLAddress: 0xF7D29000 Size: 8192 File Visible: - Signed: -Status: -Name: ks.sysImage Path: C:\WINDOWS\system32\DRIVERS\ks.sysAddress: 0xF6DC8000 Size: 143360 File Visible: - Signed: -Status: -Name: KSecDD.sysImage Path: KSecDD.sysAddress: 0xF770E000 Size: 92544 File Visible: - Signed: -Status: -Name: LHidFilt.SysImage Path: C:\WINDOWS\system32\DRIVERS\LHidFilt.SysAddress: 0xF7B21000 Size: 28672 File Visible: - Signed: -Status: -Name: LMouFilt.SysImage Path: C:\WINDOWS\system32\DRIVERS\LMouFilt.SysAddress: 0xF7B29000 Size: 30208 File Visible: - Signed: -Status: -Name: mnmdd.SYSImage Path: C:\WINDOWS\System32\Drivers\mnmdd.SYSAddress: 0xF7D5F000 Size: 4224 File Visible: - Signed: -Status: -Name: Modem.SYSImage Path: C:\WINDOWS\System32\Drivers\Modem.SYSAddress: 0xF7BC1000 Size: 30080 File Visible: - Signed: -Status: -Name: mouclass.sysImage Path: C:\WINDOWS\system32\DRIVERS\mouclass.sysAddress: 0xF7C01000 Size: 23040 File Visible: - Signed: -Status: -Name: mouhid.sysImage Path: C:\WINDOWS\system32\DRIVERS\mouhid.sysAddress: 0xF4C0F000 Size: 12160 File Visible: - Signed: -Status: -Name: MountMgr.sysImage Path: MountMgr.sysAddress: 0xF7839000 Size: 42240 File Visible: - Signed: -Status: -Name: mrxdav.sysImage Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sysAddress: 0xEFC8F000 Size: 179584 File Visible: - Signed: -Status: -Name: mrxsmb.sysImage Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sysAddress: 0xF4A60000 Size: 453632 File Visible: - Signed: -Status: -Name: Msfs.SYSImage Path: C:\WINDOWS\System32\Drivers\Msfs.SYSAddress: 0xF7C29000 Size: 19072 File Visible: - Signed: -Status: -Name: msgpc.sysImage Path: C:\WINDOWS\system32\DRIVERS\msgpc.sysAddress: 0xF7A59000 Size: 35072 File Visible: - Signed: -Status: -Name: mssmbios.sysImage Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sysAddress: 0xF70A7000 Size: 15488 File Visible: - Signed: -Status: -Name: Mup.sysImage Path: Mup.sysAddress: 0xF7639000 Size: 107904 File Visible: - Signed: -Status: -Name: NDIS.sysImage Path: NDIS.sysAddress: 0xF7654000 Size: 182912 File Visible: - Signed: -Status: -Name: ndistapi.sysImage Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sysAddress: 0xF7D1D000 Size: 9600 File Visible: - Signed: -Status: -Name: ndisuio.sysImage Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sysAddress: 0xEFF47000 Size: 12928 File Visible: - Signed: -Status: -Name: ndiswan.sysImage Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sysAddress: 0xF6B2C000 Size: 91776 File Visible: - Signed: -Status: -Name: NDProxy.SYSImage Path: C:\WINDOWS\System32\Drivers\NDProxy.SYSAddress: 0xF7A99000 Size: 38016 File Visible: - Signed: -Status: -Name: netbios.sysImage Path: C:\WINDOWS\system32\DRIVERS\netbios.sysAddress: 0xF6FD0000 Size: 34560 File Visible: - Signed: -Status: -Name: netbt.sysImage Path: C:\WINDOWS\system32\DRIVERS\netbt.sysAddress: 0xF4B1C000 Size: 162816 File Visible: - Signed: -Status: -Name: nic1394.sysImage Path: C:\WINDOWS\system32\DRIVERS\nic1394.sysAddress: 0xF78C9000 Size: 61824 File Visible: - Signed: -Status: -Name: Npfs.SYSImage Path: C:\WINDOWS\System32\Drivers\Npfs.SYSAddress: 0xF7C31000 Size: 30848 File Visible: - Signed: -Status: -Name: Ntfs.sysImage Path: Ntfs.sysAddress: 0xF7681000 Size: 574464 File Visible: - Signed: -Status: -Name: ntoskrnl.exeImage Path: C:\WINDOWS\system32\ntoskrnl.exeAddress: 0x804D7000 Size: 2180480 File Visible: - Signed: -Status: -Name: Null.SYSImage Path: C:\WINDOWS\System32\Drivers\Null.SYSAddress: 0xF7EFD000 Size: 2944 File Visible: - Signed: -Status: -Name: ohci1394.sysImage Path: ohci1394.sysAddress: 0xF7889000 Size: 61056 File Visible: - Signed: -Status: -Name: parport.sysImage Path: C:\WINDOWS\system32\DRIVERS\parport.sysAddress: 0xF6B43000 Size: 80128 File Visible: - Signed: -Status: -Name: PartMgr.sysImage Path: PartMgr.sysAddress: 0xF7AB1000 Size: 18688 File Visible: - Signed: -Status: -Name: pci.sysImage Path: pci.sysAddress: 0xF77C9000 Size: 68224 File Visible: - Signed: -Status: -Name: pciide.sysImage Path: pciide.sysAddress: 0xF7DF1000 Size: 3328 File Visible: - Signed: -Status: -Name: PCIIDEX.SYSImage Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYSAddress: 0xF7AA9000 Size: 28672 File Visible: - Signed: -Status: -Name: PnpManagerImage Path: \Driver\PnpManagerAddress: 0x804D7000 Size: 2180480 File Visible: - Signed: -Status: -Name: portcls.sysImage Path: C:\WINDOWS\system32\drivers\portcls.sysAddress: 0xF6B57000 Size: 135168 File Visible: - Signed: -Status: -Name: psched.sysImage Path: C:\WINDOWS\system32\DRIVERS\psched.sysAddress: 0xF6B1B000 Size: 69120 File Visible: - Signed: -Status: -Name: ptilink.sysImage Path: C:\WINDOWS\system32\DRIVERS\ptilink.sysAddress: 0xF7BE9000 Size: 17792 File Visible: - Signed: -Status: -Name: rasacd.sysImage Path: C:\WINDOWS\system32\DRIVERS\rasacd.sysAddress: 0xF7CC1000 Size: 8832 File Visible: - Signed: -Status: -Name: rasl2tp.sysImage Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sysAddress: 0xF7A29000 Size: 51328 File Visible: - Signed: -Status: -Name: raspppoe.sysImage Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sysAddress: 0xF7A39000 Size: 41472 File Visible: - Signed: -Status: -Name: raspptp.sysImage Path: C:\WINDOWS\system32\DRIVERS\raspptp.sysAddress: 0xF7A49000 Size: 48384 File Visible: - Signed: -Status: -Name: raspti.sysImage Path: C:\WINDOWS\system32\DRIVERS\raspti.sysAddress: 0xF7BF1000 Size: 16512 File Visible: - Signed: -Status: -Name: RAWImage Path: \FileSystem\RAWAddress: 0x804D7000 Size: 2180480 File Visible: - Signed: -Status: -Name: rdbss.sysImage Path: C:\WINDOWS\system32\DRIVERS\rdbss.sysAddress: 0xF4ACF000 Size: 174592 File Visible: - Signed: -Status: -Name: RDPCDD.sysImage Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sysAddress: 0xF7D61000 Size: 4224 File Visible: - Signed: -Status: -Name: redbook.sysImage Path: C:\WINDOWS\system32\DRIVERS\redbook.sysAddress: 0xF79E9000 Size: 57472 File Visible: - Signed: -Status: -Name: rootrepeal.sysImage Path: C:\WINDOWS\system32\drivers\rootrepeal.sysAddress: 0xEF473000 Size: 49152 File Visible: No Signed: -Status: -Name: SCSIPORT.SYSImage Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYSAddress: 0xF7757000 Size: 98304 File Visible: - Signed: -Status: -Name: serenum.sysImage Path: C:\WINDOWS\system32\DRIVERS\serenum.sysAddress: 0xF7D19000 Size: 15488 File Visible: - Signed: -Status: -Name: serial.sysImage Path: C:\WINDOWS\system32\DRIVERS\serial.sysAddress: 0xF7A19000 Size: 64896 File Visible: - Signed: -Status: -Name: SISAGPX.sysImage Path: SISAGPX.sysAddress: 0xF7879000 Size: 36992 File Visible: - Signed: -Status: -Name: sr.sysImage Path: sr.sysAddress: 0xF7725000 Size: 73472 File Visible: - Signed: -Status: -Name: srv.sysImage Path: C:\WINDOWS\system32\DRIVERS\srv.sysAddress: 0xEFBED000 Size: 333184 File Visible: - Signed: -Status: -Name: srvkp.sysImage Path: C:\WINDOWS\system32\DRIVERS\srvkp.sysAddress: 0xF7CC9000 Size: 12160 File Visible: - Signed: -Status: -Name: swenum.sysImage Path: C:\WINDOWS\system32\DRIVERS\swenum.sysAddress: 0xF7D55000 Size: 4352 File Visible: - Signed: -Status: -Name: sysaudio.sysImage Path: C:\WINDOWS\system32\drivers\sysaudio.sysAddress: 0xEF965000 Size: 60800 File Visible: - Signed: -Status: -Name: tcpip.sysImage Path: C:\WINDOWS\system32\DRIVERS\tcpip.sysAddress: 0xF4B44000 Size: 360320 File Visible: - Signed: -Status: -Name: TDI.SYSImage Path: C:\WINDOWS\system32\DRIVERS\TDI.SYSAddress: 0xF7BE1000 Size: 20480 File Visible: - Signed: -Status: -Name: termdd.sysImage Path: C:\WINDOWS\system32\DRIVERS\termdd.sysAddress: 0xF7A79000 Size: 40704 File Visible: - Signed: -Status: -Name: update.sysImage Path: C:\WINDOWS\system32\DRIVERS\update.sysAddress: 0xF5C1F000 Size: 209408 File Visible: - Signed: -Status: -Name: usbccgp.sysImage Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sysAddress: 0xF7B01000 Size: 31616 File Visible: - Signed: -Status: -Name: USBD.SYSImage Path: C:\WINDOWS\system32\DRIVERS\USBD.SYSAddress: 0xF7D57000 Size: 8192 File Visible: - Signed: -Status: -Name: usbehci.sysImage Path: C:\WINDOWS\system32\DRIVERS\usbehci.sysAddress: 0xF7BD1000 Size: 26624 File Visible: - Signed: -Status: -Name: usbhub.sysImage Path: C:\WINDOWS\system32\DRIVERS\usbhub.sysAddress: 0xF6FF0000 Size: 57600 File Visible: - Signed: -Status: -Name: USBPORT.SYSImage Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYSAddress: 0xF6DA5000 Size: 143360 File Visible: - Signed: -Status: -Name: USBSTOR.SYSImage Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYSAddress: 0xF7B19000 Size: 26496 File Visible: - Signed: -Status: -Name: usbuhci.sysImage Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sysAddress: 0xF7BC9000 Size: 20480 File Visible: - Signed: -Status: -Name: vga.sysImage Path: C:\WINDOWS\System32\drivers\vga.sysAddress: 0xF7C21000 Size: 20992 File Visible: - Signed: -Status: -Name: viaagp1.sysImage Path: viaagp1.sysAddress: 0xF7AB9000 Size: 27904 File Visible: - Signed: -Status: -Name: viaide.sysImage Path: viaide.sysAddress: 0xF7D2D000 Size: 5376 File Visible: - Signed: -Status: -Name: VIDEOPRT.SYSImage Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYSAddress: 0xF6F21000 Size: 81920 File Visible: - Signed: -Status: -Name: VolSnap.sysImage Path: VolSnap.sysAddress: 0xF7849000 Size: 52352 File Visible: - Signed: -Status: -Name: vtdisp.dllImage Path: C:\WINDOWS\System32\vtdisp.dllAddress: 0xBF012000 Size: 3448832 File Visible: - Signed: -Status: -Name: vtmini.sysImage Path: C:\WINDOWS\system32\DRIVERS\vtmini.sysAddress: 0xF6F35000 Size: 172672 File Visible: - Signed: -Status: -Name: wanarp.sysImage Path: C:\WINDOWS\system32\DRIVERS\wanarp.sysAddress: 0xF6FA0000 Size: 34560 File Visible: - Signed: -Status: -Name: watchdog.sysImage Path: C:\WINDOWS\System32\watchdog.sysAddress: 0xF7B31000 Size: 20480 File Visible: - Signed: -Status: -Name: Wdf01000.sysImage Path: C:\WINDOWS\system32\DRIVERS\Wdf01000.sysAddress: 0xF487B000 Size: 503808 File Visible: - Signed: -Status: -Name: WDFLDR.SYSImage Path: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYSAddress: 0xF78E9000 Size: 53248 File Visible: - Signed: -Status: -Name: wdmaud.sysImage Path: C:\WINDOWS\system32\drivers\wdmaud.sysAddress: 0xEF890000 Size: 82944 File Visible: - Signed: -Status: -Name: Win32kImage Path: \Driver\Win32kAddress: 0xBF800000 Size: 1847296 File Visible: - Signed: -Status: -Name: win32k.sysImage Path: C:\WINDOWS\System32\win32k.sysAddress: 0xBF800000 Size: 1847296 File Visible: - Signed: -Status: -Name: WMILIB.SYSImage Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYSAddress: 0xF7D2B000 Size: 8192 File Visible: - Signed: -Status: -Name: WMIxWDMImage Path: \Driver\WMIxWDMAddress: 0x804D7000 Size: 2180480 File Visible: - Signed: -Status: - Link to post Share on other sites More sharing options...
SpySentinel Posted September 23, 2009 ID:131945 Share Posted September 23, 2009 Please try running ComboFix again Link to post Share on other sites More sharing options...
Guest mimi2425 Posted September 24, 2009 ID:132628 Share Posted September 24, 2009 Here is the combo fix log...ComboFix 09-09-23.02 - HP_Owner 09/24/2009 17:07.3.1 - NTFSx86Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exeAV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..---- Previous Run -------.c:\documents and settings\All Users\Start Menu\Programs\Uninstall.lnkc:\recycler\S-1-5-21-199960019-3932292435-3705872623-1003c:\recycler\S-1-5-21-3094934009-3710619629-778282832-1009c:\windows\Config\aveol.bak1c:\windows\Config\aveol.bak2c:\windows\Config\aveol.inic:\windows\Config\aveol.ini2c:\windows\Config\aveol.tmpc:\windows\Fonts\._posto_b.ttfc:\windows\Fonts\._postoffice.ttfc:\windows\Installer\15a63d2.mspc:\windows\Installer\18d029a.msic:\windows\Installer\18d02a0.msic:\windows\Installer\18d02a7.msic:\windows\Installer\18d02af.msic:\windows\Installer\18d02b6.msic:\windows\Installer\18d02bc.msic:\windows\Installer\18d02c3.msic:\windows\Installer\18d02cb.msic:\windows\Installer\18d02d3.msic:\windows\Installer\18d02db.msic:\windows\Installer\18d02e3.msic:\windows\Installer\18d02ea.msic:\windows\Installer\18d02f1.msic:\windows\Installer\18d02f9.msic:\windows\Installer\18d0301.msic:\windows\Installer\18d0309.msic:\windows\Installer\18d0311.msic:\windows\Installer\18d0319.msic:\windows\Installer\18d0321.msic:\windows\Installer\18d0329.msic:\windows\Installer\18d0331.msic:\windows\Installer\18d0339.msic:\windows\Installer\18d0341.msic:\windows\Installer\18d0348.msic:\windows\Installer\18d034e.msic:\windows\Installer\18d0355.msic:\windows\Installer\18d035d.msic:\windows\Installer\18d0363.msic:\windows\Installer\18d036a.msic:\windows\Installer\1c7d0b8.msic:\windows\Installer\6c50f5.msic:\windows\Installer\84b76c.msic:\windows\Installer\93cee5.mspc:\windows\system32\bjlpykyl.inic:\windows\system32\bjmqjfsx.inic:\windows\system32\brengavm.inic:\windows\system32\ccehsnmb.inic:\windows\system32\coawcwxx.inic:\windows\system32\csgwxrkx.inic:\windows\system32\ctoptrub.inic:\windows\system32\cwxepgrm.inic:\windows\system32\decmppyt.inic:\windows\system32\dfsrxjgh.inic:\windows\system32\dijyyoky.inic:\windows\system32\ditecrse.inic:\windows\system32\dpqmiupx.inic:\windows\system32\drivers\halrthsv.sysc:\windows\system32\epsqyugp.inic:\windows\system32\eumdmyhu.inic:\windows\system32\ffkjoduy.inic:\windows\system32\fggprvsh.inic:\windows\system32\fgixlfkc.inic:\windows\system32\ghulviam.inic:\windows\system32\ghvsynxp.inic:\windows\system32\guahmlel.inic:\windows\system32\gwgvusnc.inic:\windows\system32\gyyeoinp.inic:\windows\system32\hjuyayik.inic:\windows\system32\hpcdjehs.inic:\windows\system32\hptygtyt.inic:\windows\system32\hsukykna.inic:\windows\system32\huntiolt.inic:\windows\system32\hwwsryjr.inic:\windows\system32\iiaeynlx.inic:\windows\system32\irtppups.inic:\windows\system32\ivvfijne.inic:\windows\system32\ixwxjkle.inic:\windows\system32\jfuvsqgb.inic:\windows\system32\jjtpclqh.inic:\windows\system32\jqxwyelk.inic:\windows\system32\jtoxsofl.inic:\windows\system32\jvaadqfi.inic:\windows\system32\jvsrnhsx.inic:\windows\system32\kpwytntw.inic:\windows\system32\kwccxjkc.inic:\windows\system32\kwplomjj.inic:\windows\system32\lbpjfcew.inic:\windows\system32\lcdauvyt.inic:\windows\system32\lcsoqgfj.inic:\windows\system32\lmdyqnvh.inic:\windows\system32\lpomkurb.inic:\windows\system32\lqnpsbll.inic:\windows\system32\lttheddd.inic:\windows\system32\lykcrqur.inic:\windows\system32\mcxjtsxi.inic:\windows\system32\mjiqmyjn.inic:\windows\system32\mpuuwuyq.inic:\windows\system32\msludjct.inic:\windows\system32\naymsvpk.inic:\windows\system32\neejqbpd.inic:\windows\system32\pfpxnqot.inic:\windows\system32\pguwasbw.inic:\windows\system32\phptjgyn.inic:\windows\system32\ps2.batc:\windows\system32\qdcrmkjs.inic:\windows\system32\qfjeupxs.inic:\windows\system32\qjluexjm.inic:\windows\system32\rcahtcdl.inic:\windows\system32\rchopaxa.inic:\windows\system32\romqnmtn.inic:\windows\system32\rprklajv.inic:\windows\system32\saqfhsai.inic:\windows\system32\shjapyqk.inic:\windows\system32\sleoiufy.inic:\windows\system32\smcwgblr.inic:\windows\system32\stswhdxf.inic:\windows\system32\tcgcxgws.inic:\windows\system32\tkvbgqro.inic:\windows\system32\tojkewnb.inic:\windows\system32\tqnlbjsm.inic:\windows\system32\uagrsepc.inic:\windows\system32\udgovaso.inic:\windows\system32\uofhxofi.inic:\windows\system32\uqnfprao.inic:\windows\system32\uxwupfhu.inic:\windows\system32\vfatyxnb.inic:\windows\system32\vwkjljpr.inic:\windows\system32\vwrwxwfx.inic:\windows\system32\vxgvyxrp.inic:\windows\system32\weuwsjmw.inic:\windows\system32\wsilerys.inic:\windows\system32\wvambhfu.inic:\windows\system32\wvrmdqjw.inic:\windows\system32\wxtiiflw.inic:\windows\system32\xaekpebw.inic:\windows\system32\xllrxjec.inic:\windows\system32\yhtcyiye.inic:\windows\system32\ytogpaqb.inic:\windows\system32\yxgtkglt.inic:\windows\viassary-hp.regD:\Autorun.inf-- Previous Run --Infected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\windows\system32\dllcache\eventlog.dll --------.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}-------\Legacy_iptgetut-------\Service_iptgetut((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 ))))))))))))))))))))))))))))))).2009-09-16 01:24 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll2009-09-16 01:24 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll2009-09-13 18:05 . 2001-08-17 18:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll2009-09-13 18:04 . 2001-08-18 02:36 43008 -c--a-w- c:\windows\system32\dllcache\esucm.dll2009-09-13 18:03 . 2001-08-17 16:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys2009-09-13 18:02 . 2001-08-18 02:36 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll2009-09-13 18:01 . 2001-08-17 17:58 9344 -c--a-w- c:\windows\system32\dllcache\compbatt.sys2009-09-13 18:00 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys2009-09-13 17:59 . 2004-08-04 04:56 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll2009-09-13 17:58 . 2004-08-04 04:56 3135 -c--a-w- c:\windows\system32\dllcache\adv08nt5.dll2009-09-13 17:08 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2009-09-13 17:08 . 2009-09-13 17:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2009-09-13 17:08 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-09-13 15:39 . 2009-09-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2009-09-13 15:39 . 2009-09-13 15:39 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com2009-09-13 15:20 . 2009-09-13 17:03 -------- d-----w- c:\program files\Design Science2009-09-12 17:49 . 2009-09-12 17:49 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Tific2009-09-12 17:49 . 2009-09-12 17:49 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Tific2009-09-11 22:23 . 2009-09-16 01:28 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Adobe2009-09-11 17:39 . 2009-09-11 17:39 -------- d-----w- c:\program files\Windows Sidebar2009-09-11 17:39 . 2009-09-14 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton2009-09-11 17:38 . 2009-09-11 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-09-18 21:20 . 2009-08-21 17:39 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IMVU2009-09-14 23:26 . 2007-11-26 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec2009-09-14 23:26 . 2004-08-08 14:56 -------- d-----w- c:\program files\Common Files\Symantec Shared2009-09-14 15:16 . 2004-11-27 00:33 458728 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-09-13 17:05 . 2004-08-07 21:16 -------- d-----w- c:\program files\Microsoft ActiveSync2009-09-13 17:02 . 2009-08-13 23:25 -------- d-----w- c:\program files\Astraware2009-09-11 17:39 . 2007-11-26 03:44 -------- d-----w- c:\program files\Symantec2009-09-11 17:39 . 2007-11-26 03:45 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL2009-09-11 17:39 . 2007-11-26 03:45 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF2009-09-11 17:39 . 2007-11-26 03:45 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT2009-09-11 17:39 . 2007-11-26 03:45 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2009-09-01 01:50 . 2009-08-09 14:19 -------- d-----w- c:\program files\QuickTime2009-09-01 01:50 . 2004-08-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer2009-08-30 02:58 . 2009-08-21 17:39 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IMVUClient2009-08-19 20:19 . 2009-08-19 20:19 -------- d-----w- c:\program files\PocketRAR2009-08-19 16:07 . 2009-08-19 16:07 -------- d-----w- c:\program files\MSBuild2009-08-19 16:03 . 2009-08-19 16:03 -------- d-----w- c:\program files\MSXML 6.02009-08-14 03:39 . 2009-08-14 03:39 -------- d-----w- c:\program files\Handmark2009-08-12 22:14 . 2009-02-21 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip2009-08-11 05:02 . 2009-08-11 05:02 -------- d-----w- c:\program files\JB Piano2009-08-09 14:23 . 2004-08-07 21:03 -------- d-----w- c:\program files\Common Files\Real2009-08-09 14:23 . 2009-08-09 14:23 -------- d-----w- c:\program files\Common Files\xing shared2009-08-09 14:23 . 2003-03-19 10:14 499712 ----a-w- c:\windows\system32\msvcp71.dll2009-08-09 14:23 . 2003-02-21 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll2009-08-09 14:18 . 2009-08-09 14:18 -------- d-----w- c:\program files\Apple Software Update2009-08-09 14:18 . 2009-08-09 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple2009-08-05 09:11 . 2004-08-07 18:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll2009-08-02 14:38 . 2009-02-21 02:21 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Thinstall2009-08-02 14:37 . 2004-12-19 07:02 -------- d-----w- c:\program files\Common Files\Adobe2009-08-01 00:22 . 2009-03-15 02:24 410984 ----a-w- c:\windows\system32\deploytk.dll2009-08-01 00:21 . 2004-08-07 19:36 -------- d-----w- c:\program files\Java2009-07-31 19:04 . 2004-08-07 21:15 -------- d-----w- c:\program files\Microsoft.NET2009-07-30 01:18 . 2009-07-28 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab2009-07-28 21:34 . 2007-04-04 11:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\U32009-07-28 18:45 . 2009-07-28 18:45 46128 ----a-w- c:\windows\system32\DLLPRF32.DAT2009-07-28 17:53 . 2009-07-28 17:53 0 ----a-w- c:\windows\system32\MX_SHARE.DAT2009-07-28 16:30 . 2009-07-28 16:30 -------- d-----w- c:\program files\Kaspersky Lab2009-07-28 16:20 . 2009-07-28 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files2009-07-28 02:52 . 2005-09-16 23:44 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer2009-07-28 02:49 . 2009-07-28 02:49 5632 --sha-w- c:\program files\Thumbs.db2009-07-28 02:49 . 2007-10-14 12:08 -------- d-----w- c:\program files\Windows Media Connect 22009-07-28 02:49 . 2004-11-27 01:18 -------- d-----w- c:\program files\Quicken2009-07-28 02:49 . 2004-11-27 16:17 -------- d-----w- c:\program files\PhotoDeluxe HE 3.02009-07-28 02:49 . 2004-08-07 21:02 -------- d-----w- c:\program files\MSN Encarta Standard2009-07-28 02:32 . 2004-08-07 21:34 -------- d-----w- c:\program files\Help and Support Additions2009-07-17 18:55 . 2004-08-07 18:46 58880 ----a-w- c:\windows\system32\atl.dll2009-07-14 03:43 . 2004-08-07 18:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll2009-07-02 00:50 . 2009-07-02 00:50 16 ----a-w- c:\windows\popcinfo.dat2009-07-01 04:03 . 2009-07-01 04:03 720896 ----a-w- c:\windows\iun6002ev.exe2009-06-29 16:12 . 2004-08-07 18:47 827392 ----a-w- c:\windows\system32\wininet.dll2009-06-29 16:12 . 2004-08-07 18:46 78336 ----a-w- c:\windows\system32\ieencode.dll2009-06-29 16:12 . 2004-08-07 18:46 17408 ----a-w- c:\windows\system32\corpol.dll2005-06-27 03:11 . 2005-06-27 03:11 1478197 ----a-w- c:\program files\testY.pdd2005-05-30 20:15 . 2005-05-30 20:15 593466 ----a-w- c:\program files\PhotoDeluxe HE 3.GIF2005-04-07 21:18 . 2005-04-07 19:48 67584 ----a-w- c:\program files\FinDisc04.XLS2008-08-28 16:51 . 2008-08-10 03:32 56 --sh--r- c:\windows\system32\0D3DBC9354.sys2009-03-18 15:40 . 2009-03-18 15:40 88 --sh--r- c:\windows\system32\285F9CC61F.sys2009-05-04 00:59 . 2008-06-08 19:18 88 --sh--r- c:\windows\system32\5493BC3D0D.sys.------- Sigcheck -------[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\qmgr.dll[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\bits\qmgr.dll[-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\dllcache\qmgr.dll[-] 2007-03-29 . 65E23953D337574E549B1EF34FE0B1DA . 409600 . . [6.7.2600.3109] . . c:\windows\$hf_mig$\KB923845\SP2QFE\qmgr.dll[7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtUninstallKB923845$\qmgr.dll[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-01 148888]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-09 198160]"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-29 805392]c:\documents and settings\All Users\Start Menu\Programs\Startup\Disney\Mix CentralUninstall Disney Mix-It Plug-in and Skin.lnk - c:\windows\system32\msiexec.exe [2007-11-22 78848][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]@=""[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="c:\\WINDOWS\\system32\\mmc.exe"="c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"="c:\\Program Files\\MSN Messenger\\livecall.exe"="c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"67:UDP"= 67:UDP:*:Disabled:DHCP Discovery Service"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]R3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2005-11-17 1527900]R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2004-04-27 152576]S2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [2006-11-09 99840].Contents of the 'Scheduled Tasks' folder2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]..------- Supplementary Scan -------.uDefault_Search_URL = hxxp://www.google.com/ieuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.htmluInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = 127.0.0.1uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.comIE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Owner\Start Menu\Programs\IMVU\Run IMVU.lnkTrusted Zone: imageservr.com\locator.cdnTrusted Zone: imageservr.com\locator1.cdnDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabDPF: Yahoo! Dominoes - hxxp://origin.games.yahoo.net/games/clients/y/dot9_x.cabFF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\du6p7p60.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.startup.homepage - yahoo.comFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=FF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\du6p7p60.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dllFF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\.- - - - ORPHANS REMOVED - - - -HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exeHKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exeAddRemove-NVIDIA GART Driver - c:\windows\system32\nvugart.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-09-24 17:16Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... **************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(652)c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllc:\program files\common files\logishrd\bluetooth\LBTServ.dll.Completion time: 2009-09-24 17:19ComboFix-quarantined-files.txt 2009-09-24 21:18Pre-Run: 156,673,634,304 bytes freePost-Run: 156,729,057,280 bytes free376 --- E O F --- 2009-09-16 15:01 Link to post Share on other sites More sharing options...
SpySentinel Posted September 27, 2009 ID:133799 Share Posted September 27, 2009 How is your computer running? Link to post Share on other sites More sharing options...
Guest mimi2425 Posted September 27, 2009 ID:134045 Share Posted September 27, 2009 It`s running normaly like it always did. I can go on websites and run most programs from the task manager. I just cant run any Virus scans and I still cant see my icons and start bar. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 30, 2009 Staff ID:135920 Share Posted September 30, 2009 Hi,SpySentinel asked me to take over this topic.Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.Next, please open Notepad - don't use any other text editor than notepad or the script will fail.Copy/paste the text in the quotebox below into Notepad:FCOPY::c:\windows\$NtUninstallKB923845$\qmgr.dll | c:\windows\system32\qmgr.dllc:\windows\$NtUninstallKB923845$\qmgr.dll | c:\windows\system32\bits\qmgr.dllc:\windows\$NtUninstallKB923845$\qmgr.dll | c:\windows\system32\dllcache\qmgr.dllc:\windows\system32\dllcache\explorer.exe | c:\windows\explorer.exeSave this as CFScript Then drag the CFScript into ComboFix.exe as you see in the screenshot below.This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.Let me know what issues remain.-screen317 Link to post Share on other sites More sharing options...
Guest mimi2425 Posted September 30, 2009 ID:135937 Share Posted September 30, 2009 IT WAS TAKING A WHILE TO GET MY COMP FIXED SO I TOOK MY COMP TO STAPLES AND ITS BACK WORKING NOW THANKS ANYWAY Link to post Share on other sites More sharing options...
Staff screen317 Posted September 30, 2009 Staff ID:136011 Share Posted September 30, 2009 Okay thanks for letting us know.Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts