Malwarebytes runs for a few seconds and then closes


I had Windows Police Pro and installed MBAM; it found 116 files and quarantined them, then Police Pro disappeared. Figured it was gone... it's not.

After the first scan, I went to run another and got an error saying: "Windows cannot access the specified path, or file." I can get MBAM open if I run a new install, but then the scan closes after about 5 seconds. I also have full paid-for McAfee virus, which I can only use a lockdown firewall for, and it is telling me I'm not fully protected, and it cannot fix the problem.

Keep getting "the blue screen".

Installed HijackThis; it ran but closed about halfway through, and now comes up with the same error as MBAM: Windows cannot access the specified path, or file.

Also found Virus-Bursters in Program Files, and my background changed to a clearly fake blue warning.

I'm running Windows XP Media Center Edition ver. 5.1 SP 3.

I'm extremely confused.

Hi Suzerain13,

Please save this file to your desktop.

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. It will take a while to generate.

Please open it with notepad and post the contents here. If the log generated OK then ignore the rest of the directions.

_______________

Only if win32kdiag.exe doesn't run, download the program to a clean PC and transfer it to removable media (USB drive, CDROM) as follows:

  • I want you to rename win32kdiag.exe as you download it to suze.pif
  • Then copy it to removable media and copy that file (suze.pif) to the desktop of the infected PC.

Notes:

  • It is very important that you save the newly renamed PIF file to your desktop.
  • You must rename win32kdiag.exe as you download it and not after it is on your computer.
    You may have to modify your browser settings if you use Firefox, so you can rename it as you download it. To do that:
  • For Firefox:
    • Open Firefox and click Tools -> Options -> Main
    • Under the downloads section check the button that says "Always ask me where to save files".
    • Click OK
  • For Internet Explorer:
    • When downloading, choose to save, not open the file
    • When prompted - save the file to your desktop, and rename it anything with an .exe extension on the end.

Now launch the program suze.pif on the infected PC:

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\suze.pif" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. It will take a while to generate - be sure to let it finish.

Please open it with notepad and post the contents here.

If this is not clear tell me and I will expand upon it.

Running from: C:\Documents and Settings\Owner\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\system32\drivers\glaide32.sys

Attempting to restore permissions of : C:\WINDOWS\system32\drivers\glaide32.sys

[1] 2009-09-26 18:44:09 89344 C:\WINDOWS\system32\drivers\glaide32.sys ()

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-10 15:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)


Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00050\MCE00050

Found mount point : C:\WINDOWS\Temp\MCE00051\MCE00051

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00051\MCE00051

Found mount point : C:\WINDOWS\Temp\MCE00052\MCE00052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00052\MCE00052

Found mount point : C:\WINDOWS\Temp\MCE00053\MCE00053

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00053\MCE00053

Found mount point : C:\WINDOWS\Temp\MCE00054\MCE00054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00054\MCE00054

Found mount point : C:\WINDOWS\Temp\MCE00055\MCE00055

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00055\MCE00055

Found mount point : C:\WINDOWS\Temp\MCE00056\MCE00056

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00056\MCE00056

Found mount point : C:\WINDOWS\Temp\MCE00057\MCE00057

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00057\MCE00057

Found mount point : C:\WINDOWS\Temp\MCE00058\MCE00058

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00058\MCE00058

Found mount point : C:\WINDOWS\Temp\MCE00059\MCE00059

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00059\MCE00059

Found mount point : C:\WINDOWS\Temp\MCE0005a\MCE0005a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005a\MCE0005a

Found mount point : C:\WINDOWS\Temp\MCE0005b\MCE0005b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005b\MCE0005b

Found mount point : C:\WINDOWS\Temp\MCE0005c\MCE0005c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005c\MCE0005c

Found mount point : C:\WINDOWS\Temp\MCE0005d\MCE0005d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005d\MCE0005d

Found mount point : C:\WINDOWS\Temp\MCE0005e\MCE0005e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005e\MCE0005e

Found mount point : C:\WINDOWS\Temp\MCE0005f\MCE0005f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005f\MCE0005f

Found mount point : C:\WINDOWS\Temp\MCE00060\MCE00060

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00060\MCE00060

Found mount point : C:\WINDOWS\Temp\MCE00061\MCE00061

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00061\MCE00061

Found mount point : C:\WINDOWS\Temp\MCE00062\MCE00062

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00062\MCE00062

Found mount point : C:\WINDOWS\Temp\MCE00063\MCE00063

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00063\MCE00063

Found mount point : C:\WINDOWS\Temp\MCE00064\MCE00064

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00064\MCE00064

Found mount point : C:\WINDOWS\Temp\MCE00065\MCE00065

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00065\MCE00065

Found mount point : C:\WINDOWS\Temp\MCE00066\MCE00066

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00066\MCE00066

Found mount point : C:\WINDOWS\Temp\MCE00067\MCE00067

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00067\MCE00067

Found mount point : C:\WINDOWS\Temp\MCE00068\MCE00068

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00068\MCE00068

Found mount point : C:\WINDOWS\Temp\MCE00069\MCE00069

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00069\MCE00069

Found mount point : C:\WINDOWS\Temp\MCE0006a\MCE0006a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006a\MCE0006a

Found mount point : C:\WINDOWS\Temp\MCE0006b\MCE0006b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006b\MCE0006b

Found mount point : C:\WINDOWS\Temp\MCE0006c\MCE0006c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006c\MCE0006c

Found mount point : C:\WINDOWS\Temp\MCE0006d\MCE0006d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006d\MCE0006d

Found mount point : C:\WINDOWS\Temp\MCE0006e\MCE0006e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006e\MCE0006e

Found mount point : C:\WINDOWS\Temp\MCE0006f\MCE0006f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006f\MCE0006f

Found mount point : C:\WINDOWS\Temp\MCE00070\MCE00070

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00070\MCE00070

Found mount point : C:\WINDOWS\Temp\MCE00071\MCE00071

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00071\MCE00071

Found mount point : C:\WINDOWS\Temp\MCE00072\MCE00072

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00072\MCE00072

Found mount point : C:\WINDOWS\Temp\MCE00073\MCE00073

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00073\MCE00073

Found mount point : C:\WINDOWS\Temp\MCE00074\MCE00074

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00074\MCE00074

Found mount point : C:\WINDOWS\Temp\MCE00075\MCE00075

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00075\MCE00075

Found mount point : C:\WINDOWS\Temp\MCE00076\MCE00076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00076\MCE00076

Found mount point : C:\WINDOWS\Temp\MCE00077\MCE00077

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00077\MCE00077

Found mount point : C:\WINDOWS\Temp\MCE00078\MCE00078

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00078\MCE00078

Found mount point : C:\WINDOWS\Temp\MCE00079\MCE00079

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00079\MCE00079

Found mount point : C:\WINDOWS\Temp\MCE0007a\MCE0007a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007a\MCE0007a

Found mount point : C:\WINDOWS\Temp\MCE0007b\MCE0007b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007b\MCE0007b

Found mount point : C:\WINDOWS\Temp\MCE0007c\MCE0007c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007c\MCE0007c

Found mount point : C:\WINDOWS\Temp\MCE0007d\MCE0007d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007d\MCE0007d

Found mount point : C:\WINDOWS\Temp\MCE0007e\MCE0007e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007e\MCE0007e

Found mount point : C:\WINDOWS\Temp\MCE0007f\MCE0007f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007f\MCE0007f

Found mount point : C:\WINDOWS\Temp\MCE00080\MCE00080

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00080\MCE00080

Found mount point : C:\WINDOWS\Temp\MCE00081\MCE00081

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00081\MCE00081

Found mount point : C:\WINDOWS\Temp\MCE00082\MCE00082

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00082\MCE00082

Found mount point : C:\WINDOWS\Temp\MCE00083\MCE00083

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00083\MCE00083

Found mount point : C:\WINDOWS\Temp\MCE00084\MCE00084

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00084\MCE00084

Found mount point : C:\WINDOWS\Temp\MCE00085\MCE00085

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00085\MCE00085

Found mount point : C:\WINDOWS\Temp\MCE00086\MCE00086

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00086\MCE00086

Found mount point : C:\WINDOWS\Temp\MCE00087\MCE00087

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00087\MCE00087

Found mount point : C:\WINDOWS\Temp\MCE00088\MCE00088

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00088\MCE00088

Found mount point : C:\WINDOWS\Temp\MCE00089\MCE00089

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00089\MCE00089

Found mount point : C:\WINDOWS\Temp\MCE0008a\MCE0008a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008a\MCE0008a

Found mount point : C:\WINDOWS\Temp\MCE0008b\MCE0008b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008b\MCE0008b

Found mount point : C:\WINDOWS\Temp\MCE0008c\MCE0008c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008c\MCE0008c

Found mount point : C:\WINDOWS\Temp\MCE0008d\MCE0008d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008d\MCE0008d

Found mount point : C:\WINDOWS\Temp\MCE0008e\MCE0008e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008e\MCE0008e

Found mount point : C:\WINDOWS\Temp\MCE0008f\MCE0008f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008f\MCE0008f

Found mount point : C:\WINDOWS\Temp\MCE00090\MCE00090

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00090\MCE00090

Found mount point : C:\WINDOWS\Temp\MCE00091\MCE00091

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00091\MCE00091

Found mount point : C:\WINDOWS\Temp\MCE00092\MCE00092

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00092\MCE00092

Found mount point : C:\WINDOWS\Temp\MCE00093\MCE00093

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00093\MCE00093

Found mount point : C:\WINDOWS\Temp\MCE00094\MCE00094

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00094\MCE00094

Found mount point : C:\WINDOWS\Temp\MCE00095\MCE00095

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00095\MCE00095

Found mount point : C:\WINDOWS\Temp\MCE00096\MCE00096

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00096\MCE00096

Found mount point : C:\WINDOWS\Temp\MCE00097\MCE00097

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00097\MCE00097

Found mount point : C:\WINDOWS\Temp\MCE00098\MCE00098

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00098\MCE00098

Found mount point : C:\WINDOWS\Temp\MCE00099\MCE00099

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00099\MCE00099

Found mount point : C:\WINDOWS\Temp\MCE0009a\MCE0009a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009a\MCE0009a

Found mount point : C:\WINDOWS\Temp\MCE0009b\MCE0009b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009b\MCE0009b

Found mount point : C:\WINDOWS\Temp\MCE0009c\MCE0009c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009c\MCE0009c

Found mount point : C:\WINDOWS\Temp\MCE0009d\MCE0009d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009d\MCE0009d

Found mount point : C:\WINDOWS\Temp\MCE0009e\MCE0009e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009e\MCE0009e

Found mount point : C:\WINDOWS\Temp\MCE0009f\MCE0009f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009f\MCE0009f

Found mount point : C:\WINDOWS\Temp\MCE000a0\MCE000a0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a0\MCE000a0

Found mount point : C:\WINDOWS\Temp\MCE000a1\MCE000a1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a1\MCE000a1

Found mount point : C:\WINDOWS\Temp\MCE000a2\MCE000a2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a2\MCE000a2

Found mount point : C:\WINDOWS\Temp\MCE000a3\MCE000a3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a3\MCE000a3

Found mount point : C:\WINDOWS\Temp\MCE000a4\MCE000a4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a4\MCE000a4

Found mount point : C:\WINDOWS\Temp\MCE000a5\MCE000a5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a5\MCE000a5

Found mount point : C:\WINDOWS\Temp\MCE000a6\MCE000a6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a6\MCE000a6

Found mount point : C:\WINDOWS\Temp\MCE000a7\MCE000a7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a7\MCE000a7

Found mount point : C:\WINDOWS\Temp\MCE000a8\MCE000a8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a8\MCE000a8

Found mount point : C:\WINDOWS\Temp\MCE000a9\MCE000a9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a9\MCE000a9

Found mount point : C:\WINDOWS\Temp\MCE000aa\MCE000aa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000aa\MCE000aa

Found mount point : C:\WINDOWS\Temp\MCE000ab\MCE000ab

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ab\MCE000ab

Found mount point : C:\WINDOWS\Temp\MCE000ac\MCE000ac

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ac\MCE000ac

Found mount point : C:\WINDOWS\Temp\MCE000ad\MCE000ad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ad\MCE000ad

Found mount point : C:\WINDOWS\Temp\MCE000ae\MCE000ae

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ae\MCE000ae

Found mount point : C:\WINDOWS\Temp\MCE000af\MCE000af

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000af\MCE000af

Found mount point : C:\WINDOWS\Temp\MCE000b0\MCE000b0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b0\MCE000b0

Found mount point : C:\WINDOWS\Temp\MCE000b1\MCE000b1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b1\MCE000b1

Found mount point : C:\WINDOWS\Temp\MCE000b2\MCE000b2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b2\MCE000b2

Found mount point : C:\WINDOWS\Temp\MCE000b3\MCE000b3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b3\MCE000b3

Found mount point : C:\WINDOWS\Temp\MCE000b4\MCE000b4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b4\MCE000b4

Found mount point : C:\WINDOWS\Temp\MCE000b5\MCE000b5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b5\MCE000b5

Found mount point : C:\WINDOWS\Temp\MCE000b6\MCE000b6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b6\MCE000b6

Found mount point : C:\WINDOWS\Temp\MCE000b7\MCE000b7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b7\MCE000b7

Found mount point : C:\WINDOWS\Temp\MCE000b8\MCE000b8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b8\MCE000b8

Found mount point : C:\WINDOWS\Temp\MCE000b9\MCE000b9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b9\MCE000b9

Found mount point : C:\WINDOWS\Temp\MCE000ba\MCE000ba

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ba\MCE000ba

Found mount point : C:\WINDOWS\Temp\MCE000bb\MCE000bb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000bb\MCE000bb

Found mount point : C:\WINDOWS\Temp\MCE000bc\MCE000bc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000bc\MCE000bc

Found mount point : C:\WINDOWS\Temp\MCE000bd\MCE000bd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000bd\MCE000bd

Found mount point : C:\WINDOWS\Temp\MCE000be\MCE000be

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000be\MCE000be

Found mount point : C:\WINDOWS\Temp\MCE000bf\MCE000bf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000bf\MCE000bf

Found mount point : C:\WINDOWS\Temp\MCE000c0\MCE000c0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c0\MCE000c0

Found mount point : C:\WINDOWS\Temp\MCE000c1\MCE000c1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c1\MCE000c1

Found mount point : C:\WINDOWS\Temp\MCE000c2\MCE000c2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c2\MCE000c2

Found mount point : C:\WINDOWS\Temp\MCE000c3\MCE000c3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c3\MCE000c3

Found mount point : C:\WINDOWS\Temp\MCE000c4\MCE000c4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c4\MCE000c4

Found mount point : C:\WINDOWS\Temp\MCE000c5\MCE000c5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c5\MCE000c5

Found mount point : C:\WINDOWS\Temp\MCE000c6\MCE000c6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c6\MCE000c6

Found mount point : C:\WINDOWS\Temp\MCE000c7\MCE000c7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c7\MCE000c7

Found mount point : C:\WINDOWS\Temp\MCE000c8\MCE000c8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c8\MCE000c8

Found mount point : C:\WINDOWS\Temp\MCE000c9\MCE000c9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c9\MCE000c9

Found mount point : C:\WINDOWS\Temp\MCE000ca\MCE000ca

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ca\MCE000ca

Found mount point : C:\WINDOWS\Temp\MCE000cb\MCE000cb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000cb\MCE000cb

Found mount point : C:\WINDOWS\Temp\MCE000cc\MCE000cc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000cc\MCE000cc

Found mount point : C:\WINDOWS\Temp\MCE000cd\MCE000cd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000cd\MCE000cd

Found mount point : C:\WINDOWS\Temp\MCE000ce\MCE000ce

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ce\MCE000ce

Found mount point : C:\WINDOWS\Temp\MCE000cf\MCE000cf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000cf\MCE000cf

Found mount point : C:\WINDOWS\Temp\MCE000d0\MCE000d0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d0\MCE000d0

Found mount point : C:\WINDOWS\Temp\MCE000d1\MCE000d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d1\MCE000d1

Found mount point : C:\WINDOWS\Temp\MCE000d2\MCE000d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d2\MCE000d2

Found mount point : C:\WINDOWS\Temp\MCE000d3\MCE000d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d3\MCE000d3

Found mount point : C:\WINDOWS\Temp\MCE000d4\MCE000d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d4\MCE000d4

Found mount point : C:\WINDOWS\Temp\MCE000d5\MCE000d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d5\MCE000d5

Found mount point : C:\WINDOWS\Temp\MCE000d6\MCE000d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d6\MCE000d6

Found mount point : C:\WINDOWS\Temp\MCE000d7\MCE000d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d7\MCE000d7

Found mount point : C:\WINDOWS\Temp\MCE000d8\MCE000d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d8\MCE000d8

Found mount point : C:\WINDOWS\Temp\MCE000d9\MCE000d9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d9\MCE000d9

Found mount point : C:\WINDOWS\Temp\MCE000da\MCE000da

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000da\MCE000da

Found mount point : C:\WINDOWS\Temp\MCE000db\MCE000db

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000db\MCE000db

Found mount point : C:\WINDOWS\Temp\MCE000dc\MCE000dc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000dc\MCE000dc

Found mount point : C:\WINDOWS\Temp\MCE000dd\MCE000dd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000dd\MCE000dd

Found mount point : C:\WINDOWS\Temp\MCE000de\MCE000de

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000de\MCE000de

Found mount point : C:\WINDOWS\Temp\MCE000df\MCE000df

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000df\MCE000df

Found mount point : C:\WINDOWS\Temp\MCE000e0\MCE000e0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e0\MCE000e0

Found mount point : C:\WINDOWS\Temp\MCE000e1\MCE000e1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e1\MCE000e1

Found mount point : C:\WINDOWS\Temp\MCE000e2\MCE000e2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e2\MCE000e2

Found mount point : C:\WINDOWS\Temp\MCE000e3\MCE000e3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e3\MCE000e3

Found mount point : C:\WINDOWS\Temp\MCE000e4\MCE000e4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e4\MCE000e4

Found mount point : C:\WINDOWS\Temp\MCE000e5\MCE000e5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e5\MCE000e5

Found mount point : C:\WINDOWS\Temp\MCE000e6\MCE000e6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e6\MCE000e6

Found mount point : C:\WINDOWS\Temp\MCE000e7\MCE000e7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e7\MCE000e7

Found mount point : C:\WINDOWS\Temp\MCE000e8\MCE000e8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e8\MCE000e8

Found mount point : C:\WINDOWS\Temp\MCE000e9\MCE000e9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e9\MCE000e9

Found mount point : C:\WINDOWS\Temp\MCE000ea\MCE000ea

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ea\MCE000ea

Found mount point : C:\WINDOWS\Temp\MCE000eb\MCE000eb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000eb\MCE000eb

Found mount point : C:\WINDOWS\Temp\MCE000ec\MCE000ec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ec\MCE000ec

Found mount point : C:\WINDOWS\Temp\MCE000ed\MCE000ed

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ed\MCE000ed

Found mount point : C:\WINDOWS\Temp\MCE000ee\MCE000ee

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ee\MCE000ee

Found mount point : C:\WINDOWS\Temp\MCE000ef\MCE000ef

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ef\MCE000ef

Found mount point : C:\WINDOWS\Temp\MCE000f0\MCE000f0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f0\MCE000f0

Found mount point : C:\WINDOWS\Temp\MCE000f1\MCE000f1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f1\MCE000f1

Found mount point : C:\WINDOWS\Temp\MCE000f2\MCE000f2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f2\MCE000f2

Found mount point : C:\WINDOWS\Temp\MCE000f3\MCE000f3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f3\MCE000f3

Found mount point : C:\WINDOWS\Temp\MCE000f4\MCE000f4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f4\MCE000f4

Found mount point : C:\WINDOWS\Temp\MCE000f5\MCE000f5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f5\MCE000f5

Found mount point : C:\WINDOWS\Temp\MCE000f6\MCE000f6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f6\MCE000f6

Found mount point : C:\WINDOWS\Temp\MCE000f7\MCE000f7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f7\MCE000f7

Found mount point : C:\WINDOWS\Temp\MCE000f8\MCE000f8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f8\MCE000f8

Found mount point : C:\WINDOWS\Temp\MCE000f9\MCE000f9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f9\MCE000f9

Found mount point : C:\WINDOWS\Temp\MCE000fa\MCE000fa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000fa\MCE000fa

Found mount point : C:\WINDOWS\Temp\MCE000fb\MCE000fb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000fb\MCE000fb

Found mount point : C:\WINDOWS\Temp\MCE000fc\MCE000fc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000fc\MCE000fc

Found mount point : C:\WINDOWS\Temp\MCE000fd\MCE000fd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000fd\MCE000fd

Found mount point : C:\WINDOWS\Temp\MCE000fe\MCE000fe

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000fe\MCE000fe

Found mount point : C:\WINDOWS\Temp\MCE000ff\MCE000ff

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ff\MCE000ff

Found mount point : C:\WINDOWS\Temp\MCE00100\MCE00100

Finished!


If you want to try to remove the infection and forego the reformat and reinstall, do the following please:

Hi and Welcome to the Malwarebytes' forum.

Please download ATF Cleaner by Atribune

  • Close Internet Explorer and any other open browsers
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Reboot

Next, download this Antirootkit Program to a folder that you create such as C:\ARK.

Disable the active protection component of your antivirus by following the directions that apply here:

http://www.bleepingcomputer.com/forums/topic114351.html

Next, please perform a rootkit scan:

  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to run the program.
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • When the "quick" scan is finished (a few seconds), copy the quick scan report to the windows clipboard.
  • Save the Scan log as ARK.txt and post it in your next reply. If the log is very long attach it please.

Please download Combofix from one of these locations:

HERE or HERE

I want you to rename Combofix.exe as you download it to a name of your choice such as rayman.exe

Notes:

  • It is very important that you save the newly renamed EXE file to your desktop.
  • You must rename Combofix.exe as you download it and not after it is on your computer.
    You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
    • Open Firefox
    • Click Tools -> Options -> Main
    • Under the downloads section check the button that says "Always ask me where to save files".
    • Click OK

    For Internet Explorer:

    • Choose to save, not open the file
    • When prompted - save the file to your desktop, and rename it anything with an .exe extension on the end.

Here is a tutorial that describes how to download, install and run Combofix more thoroughly. Please review it and follow the prompts to install Recovery Console - if you have not done that already:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Very Important! Temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:

http://www.bleepingcomputer.com/forums/topic114351.html

Also, disable your firewall!

You can enable the Windows firewall in the interim, until the scan is complete.

Note: The above tutorial does not tell you to rename Combofix as I have instructed you to do in the above instructions, so make sure you complete the renaming step before launching Combofix.

Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

1. Double click on the renamed combofix.exe & follow the prompts.

2. When finished, it will produce a logfile located at C:\ComboFix.txt

3. Post the contents of that log in your next reply

Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

--

Rename "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" -> "C:\Program Files\Malwarebytes' Anti-Malware\newyork.exe"

  • Now, relaunch MBAM by double-clicking newyork.exe in the MBAM folder.
  • Select the Update tab -> Check for Updates
  • After MBAM updates, select the Scanner tab.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK -> Show Results to view the scan results.
  • Check all items found, and then choose the 'Remove Selected' option to move the selected items to the quarantine.
  • When the scan is done, a log will open in Notepad with the scan results. Please post the results in your next reply.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post C:\ComboFix.txt, your antirootkit log (ARK.txt), and a new MBAM log in your next reply.


GMER 1.0.15.15087 - http://www.gmer.net

Rootkit quick scan 2009-09-26 20:59:40

Windows 5.1.2600 Service Pack 3

Running: dvsbxecb.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdypow.sys

---- System - GMER 1.0.15 ----

SSDT spox.sys ZwEnumerateKey [0xF72EDCA4]

SSDT spox.sys ZwEnumerateValueKey [0xF72EE032]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF36A34EA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF36A3498]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF36A34AC]

Code 85300530 ZwFlushInstructionCache

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF36A352A]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF36A3470]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF36A3484]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF36A34FE]

Code 8531F25E ZwSaveKey

Code 85314E96 ZwSaveKeyEx

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF36A34D6]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF36A34C2]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF36A3559]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF36A3540]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF36A3514]

Code 853285CE IofCallDriver

Code 85329B1E IofCompleteRequest

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 855501F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----


Thread iexplore.exe [2132:2160] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:4424] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:376] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:3536] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:4020] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:4024] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:2216] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:2212] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:1432] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:4084] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:592] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:3932] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:2956] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:2532] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:2528] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:2552] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:2808] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:2972] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:3968] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:4004] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:3984] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:4008] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:3600] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:3916] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:3724] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:3972] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:4000] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:4012] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:1424] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:1980] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:1368] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [2132:3812] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:4400] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:2232] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:3300] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:1828] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [2132:844] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [2608:2592] SSDT 0x84179B90 != 0x80504460

Thread svchost.exe [2608:2660] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [2608:2372] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [2608:2512] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [2608:2776] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [2608:2780] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [2608:2460] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [2608:2816] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [2608:3264] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3164:3252] SSDT 0x84179B90 != 0x80504460

Thread svchost.exe [3164:3872] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3164:1308] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3164:4088] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3164:2124] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3164:4108] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3164:4580] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3360:3696] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3360:3700] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3360:3704] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3360:3772] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3360:3964] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3360:4904] SSDT 0x843B45D0 != 0x80504460

Thread svchost.exe [3360:5200] SSDT 0x843B45D0 != 0x80504460

Thread ctfmon.exe [3900:3912] SSDT 0x84179B90 != 0x80504460

Thread ctfmon.exe [3900:3948] SSDT 0x843B45D0 != 0x80504460

Thread ctfmon.exe [3900:3952] SSDT 0x843B45D0 != 0x80504460

Thread ctfmon.exe [3900:4036] SSDT 0x843B45D0 != 0x80504460

Thread dvsbxecb.exe [4608:4592] SSDT 0x84179B90 != 0x80504460

Thread dvsbxecb.exe [4608:4588] SSDT 0x843B45D0 != 0x80504460

Thread dvsbxecb.exe [4608:4600] SSDT 0x843B45D0 != 0x80504460

Thread dvsbxecb.exe [4608:4604] SSDT 0x843B45D0 != 0x80504460

Thread explorer.exe [4952:4956] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:4960] SSDT 0x843B45D0 != 0x80504460

Thread explorer.exe [4952:4964] SSDT 0x843B45D0 != 0x80504460

Thread explorer.exe [4952:4968] SSDT 0x843B45D0 != 0x80504460

Thread explorer.exe [4952:4972] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:4976] SSDT 0x843B45D0 != 0x80504460

Thread explorer.exe [4952:4980] SSDT 0x843B45D0 != 0x80504460

Thread explorer.exe [4952:4984] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:4992] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:5004] SSDT 0x843B45D0 != 0x80504460

Thread explorer.exe [4952:5008] SSDT 0x843B45D0 != 0x80504460

Thread explorer.exe [4952:5016] SSDT 0x843B45D0 != 0x80504460

Thread explorer.exe [4952:5028] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:5084] SSDT 0x843B45D0 != 0x80504460

Thread explorer.exe [4952:5096] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:5132] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:5140] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:5192] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:5212] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:5216] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:5220] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:5244] SSDT 0x843B45D0 != 0x80504460

Thread explorer.exe [4952:5248] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:5264] SSDT 0x84179B90 != 0x80504460

Thread explorer.exe [4952:2880] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5304] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5300:5312] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5316] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5320] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5324] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5300:5332] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5336] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5340] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5344] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5348] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5352] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5360] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5364] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5300:5384] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5388] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5300:5392] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5300:5396] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5416] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5300:5428] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:5432] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5300:5504] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5300:372] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:4520] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5300:764] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5404] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5408] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5412] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5420] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5424] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5440] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5444] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5448] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5452] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5456] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5460] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5464] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5468] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5472] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5476] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5480] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5484] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5496] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5508] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5512] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5516] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5520] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5532] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5540] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5544] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5560] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5564] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5572] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5576] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5584] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5588] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5604] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5656] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5664] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5668] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:5696] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:5700] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:940] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:2280] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:2292] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:2296] SSDT 0x843B45D0 != 0x80504460

Thread iexplore.exe [5400:2028] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:4064] SSDT 0x84179B90 != 0x80504460

Thread iexplore.exe [5400:1848] SSDT 0x84179B90 != 0x80504460

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gasfkymxtltkvl.sys (*** hidden *** ) [sYSTEM] gasfkyxvndfurf <-- ROOTKIT !!!

Service C:\WINDOWS\system32\drivers\yimkrbcheswaan.sys (*** hidden *** ) [AUTO] zwmoohpkgjzczip <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
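Added example, not part of the original thread: a small Python triage script that condenses a GMER log of this shape into per-process counts of flagged threads, the distinct SSDT values reported, and the hidden service entries. The sample log is constructed in the same line format; `summarize_gmer` and every value in the sample are illustrative.

```python
import re
from collections import Counter, defaultdict

# "Thread <image> [<pid>:<tid>] SSDT <reported> != <expected>"
THREAD_RE = re.compile(
    r"^Thread\s+(?P<image>\S+)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+SSDT\s+"
    r"(?P<seen>0x[0-9A-Fa-f]+)\s+!=\s+(?P<expected>0x[0-9A-Fa-f]+)\s*$")
# "Service <path> (*** hidden *** ) [<start type>] <name> <-- ROOTKIT !!!"
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+"
    r"\[(?P<start>[^\]]+)\]\s+(?P<name>\S+)")

# Constructed sample input (not taken from a real machine).
SAMPLE_LOG = r"""
Thread svchost.exe [1000:1004] SSDT 0x8AAA0000 != 0x80500000
Thread svchost.exe [1000:1008] SSDT 0x8BBB0000 != 0x80500000
Thread explorer.exe [2000:2004] SSDT 0x8AAA0000 != 0x80500000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\exampledrv.sys (*** hidden *** ) [SYSTEM] examplesvc <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

def summarize_gmer(log_text):
    """Collapse repeated per-thread findings into a short summary."""
    threads = defaultdict(set)   # (image, pid) -> flagged thread ids
    pointers = Counter()         # reported SSDT value -> number of threads
    expected = set()             # value(s) GMER compared against
    hidden = []                  # service entries marked hidden
    for raw in log_text.splitlines():
        line = raw.strip()
        m = THREAD_RE.match(line)
        if m:
            if int(m["seen"], 16) != int(m["expected"], 16):
                threads[(m["image"], int(m["pid"]))].add(int(m["tid"]))
                pointers[m["seen"].lower()] += 1
                expected.add(m["expected"].lower())
            continue
        m = SERVICE_RE.match(line)
        if m:
            hidden.append({"path": m["path"], "start": m["start"],
                           "name": m["name"], "flagged": "ROOTKIT" in line})
    return {
        "processes": [(img, pid, len(t)) for (img, pid), t in sorted(threads.items())],
        "pointers": dict(pointers),
        "expected": sorted(expected),
        "hidden_services": hidden,
    }

if __name__ == "__main__":
    for key, value in summarize_gmer(SAMPLE_LOG).items():
        print(key, value)
```

A summary like this makes it easy to see that the same few values repeat across every process, and to pull out the hidden driver paths that need attention.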


OK you have two rootkits visible in the ARK program.

Try to run renamed Combofix (rayman.exe) now. You have to disable McAfee completely or even uninstall it and then reinstall it after running Combofix. It is not functional at this point anyway.

If you have trouble running Combofix, you can try launching combofix from the run line, like this:

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\rayman.exe.exe" /killall

Then hit Enter or click OK.

If you still have trouble, run Combofix in safe mode.

To boot into safe mode:

1. Restart the computer

2. Watch the screen while it is black. After the BIOS memory check is done, start tapping the F8 key. If done right, the Windows Advanced Options Menu will appear.

3. Select Safe Mode from the menu. Starting Windows in Safe Mode may take several minutes.

Post back C:\Combofix.txt please.


Using an iPhone for posts.... Did not completely uninstall McAfee. Launched in...regular? mode just by double clicking...started running it before your 917 post, which if read probably would have avoided this, I'm guessing.

It told me it found roots running and to write them down and that it has to restart, repeated twice, and on the third time said explorer failed to initiate properly; now it's just a blank screen.


Try to kill the combofix process, and cmd.exe in task manager.

Then reboot into safe mode and run combofix the way I described from the run line. You have too many iexplore processes launching because of the rootkit. Safe mode is a much cleaner environment so combofix can run with less interference.


OK, then forget this unless it happens again that you cannot boot; then try to:

Start your computer by using the Last Known Good Configuration feature

1. Start your computer. Tap F8 as if you were going into safe mode

2. When the Windows Advanced Options menu appears, use the ARROW keys to select Last Known Good Configuration (your most recent settings that worked), and then press ENTER.

3. If you are running other operating systems on your computer, use the ARROW keys to select Microsoft Windows XP, and then press ENTER.


See if a log C:\Combofix.txt exists - if so post that please.

OK. Let's first try to run MBAM as described in the article I gave you the link to:

Rename "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" -> "C:\Program Files\Malwarebytes' Anti-Malware\mbam.com"

  • Now relaunch MBAM by double-clicking mbam.com in the MBAM folder.
  • Select the Update tab -> Check for Updates
  • After MBAM updates, select the Scanner tab.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK -> Show Results to view the scan results.
  • Check all items found, and then choose the 'Remove Selected' option to move the selected items to the quarantine.
  • When the scan is done, a log will open in Notepad with the scan results. Please post the results in your next reply.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
