Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Windows Cannot Access the Specified Device,Path or File. You May not h

Started by whits , Aug 31 2009 02:53 PM

This topic is locked

#1
whits

Posted 31 August 2009 - 02:53 PM

Member

Member
21 posts

Hello,

Just wondering if you can help me, i've spent the last hour or so trying to work out how to get rid of the malware/spyware that i've got on my computer but seem to be going round in circles.

My biggest problem is everytime i go to open a virus or malware removal programme my computer shuts down the programme and then if you go to open it again it comes up with "Windows Cannot Access the Specified Device,Path or File. You May not have the appropriate perssions to access the item"

Internet Explorer closes automatically without that warning however FireFox seems to be running ok and it hasn't affected my internet connection from what i can see.

I have even tried loading in safemode to run Malwarebyte's and AVG but both are effected by the same problem, i've gone to try and run the loads for hijack this however i have the same issue, the programme just shuts down after installation and then becomes unusable.

Any ideas?!

Thanks

Edited by whits, 31 August 2009 - 02:54 PM.

#2
NeonFx

Posted 04 September 2009 - 12:54 PM

Malware Removal Dude

Expert
3,798 posts

Hello there

Welcome to the GeeksToGo forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me. I am still a student here, and as such I will have to have all my responses checked by a malware removal expert before I post them here.

Please note the following:

The fixes are specific to your problem and should only be used on this machine.
Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

I will have instructions for you soon.

#3
NeonFx

Posted 04 September 2009 - 01:20 PM

Malware Removal Dude

Expert
3,798 posts

I apologize for the delay in getting to you. Please do the following:

STEP 1

Please download Win32Diag from one of the links below and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click on Win32Diag.exe to run it. If you are using Windows Vista, please right-click and select Run As Administrator
A black command prompt window shall appear.
It will now begin to scan. This may take a while, please be paitent until the scan is complete.
Once it's done, in the black screen it will say "Finished! Press any key to exit.... Press any key to exit.
A log file called Win32KDiag.txt will be created on your desktop.
Please copy and paste the contents of that log file here in your next reply.

STEP 2

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

#4
whits

Posted 06 September 2009 - 11:08 AM

Member

Topic Starter
Member
21 posts

Hi Neon,

Thanks for the response, i've run the win32diag and attached the file as per your request.

I have downloaded combofix and tried to run it however it starts (the intial loading bar and then doesn't boot the programme). I am trying to run it while in safe mode, would that cause an issue? When i boot into the standard mode it now says there is an error with Windows and it will restart in the next minute.

What a nightmare!!

Attached Files

Win32kDiag.txt 52.91KB 354 downloads

#5
NeonFx

Posted 06 September 2009 - 11:22 AM

Malware Removal Dude

Expert
3,798 posts

Hold up, ill have instructions for you soon.

#6
NeonFx

Posted 06 September 2009 - 02:58 PM

Malware Removal Dude

Expert
3,798 posts

Hi whits. Please just copy and paste your logs here unless I ask you to do otherwise. It makes it easier for me to read.

To prevent your computer from shutting down in normal mode you're going to have to do the following:

Go to Start > Run and type shutdown -a to abort the shutdown. You can also use the key combination Windows Key + R to open a Run dialog quicker.

If you can get into normal mode, do the following in normal mode. If not, go ahead and do it all in SafeMode with Networking:

Ok. Please do the following:

STEP 1

Please delete your version of Win32kDiag.exe and redownload it from HERE

Make sure win32kdiag.exe is on your Desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag_f_r.txt on your desktop. Please open it with notepad and post the contents here.

STEP 2

Copy a file:

To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
copy C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll C:\
exit

Save it to your desktop as File name: cp.bat
Save as type: All Files

Once done, double click cp.bat to run it. A command window will open briefly, then close. This is quite normal.

STEP 3

1. Please download The Avenger2 by Swandog46 to your Desktop.

Right click on the Avenger.zip folder and select "Extract All..."
Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\cngaudit.dll | C:\Windows\System32\cngaudit.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

Right click on the window under Input script here:, and select Paste.
You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
Click on Execute
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

STEP 4

Reboot your computer and then delete your copy of ComboFix and redownload it from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .

#7
whits

Posted 07 September 2009 - 12:24 PM

Member

Topic Starter
Member
21 posts

Log file is located at: C:\Users\Badger\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\AppPatch\Custom\Custom

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP934B.tmp\ZAP934B.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP934B.tmp\ZAP934B.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD4AD.tmp\ZAPD4AD.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD4AD.tmp\ZAPD4AD.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFA16.tmp\ZAPFA16.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFA16.tmp\ZAPFA16.tmp

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\temp\temp

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\tmp\tmp

Found mount point : C:\Windows\Drivers\Audio Driver (Realtek) 6.0I - 6.0.1.5449\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Drivers\Audio Driver (Realtek) 6.0I - 6.0.1.5449\Config\Config

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ehome\CreateDisc\style\style

Found mount point : C:\Windows\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ftpcache\ftpcache

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Globalization\Globalization

Found mount point : C:\Windows\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Google Toolbar\Google Toolbar

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Help\Corporate\Corporate

Found mount point : C:\Windows\inf\en-US\en-US

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\inf\en-US\en-US

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109AB0090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109AB0090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\Windows\LiveKernelReports\WATCHDOG\WATCHDOG

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\LiveKernelReports\WATCHDOG\WATCHDOG

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Microsoft.NET\authman\authman

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ModemLogs\ModemLogs

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\nap\configuration\configuration

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Panther\setup.exe\setup.exe

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PLA\Templates\Templates

Found mount point : C:\Windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Registration\CRMLog\CRMLog

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SchCache\SchCache

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\security\templates\templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\v2.0.50727.312

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\v2.0.50727.312

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Crypto\Keys\Keys

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Crypto\Keys\Keys

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db

Found mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390

Found mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3

Found mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19

Found mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17

Found mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0

Could not open reparse point C:\Windows\SoftwareDistribution\Download\3dfb6e68d367fb8f4a87c37935e1494d\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.16868_none_ca1affdbd9d49d2f\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.16868_none_ca1affdbd9d49d2f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\3dfb6e68d367fb8f4a87c37935e1494d\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.21065_none_caa173eaf2f52436\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.21065_none_caa173eaf2f52436: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\3dfb6e68d367fb8f4a87c37935e1494d\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.18270_none_cbee6c45d70a7f59\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.18270_none_cbee6c45d70a7f59: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\3dfb6e68d367fb8f4a87c37935e1494d\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.22447_none_cc9f7cc0f00979d8\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.22447_none_cc9f7cc0f00979d8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\3dfb6e68d367fb8f4a87c37935e1494d\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.18049_none_cdfe5271d41061e0\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.18049_none_cdfe5271d41061e0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\3dfb6e68d367fb8f4a87c37935e1494d\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.22150_none_ce741cb6ed3e398c\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.22150_none_ce741cb6ed3e398c: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\43aad48fe3fe7ab00579858cb6500554\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\43aad48fe3fe7ab00579858cb6500554\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\43aad48fe3fe7ab00579858cb6500554\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\43aad48fe3fe7ab00579858cb6500554\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\43aad48fe3fe7ab00579858cb6500554\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\43aad48fe3fe7ab00579858cb6500554\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d

Found mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b

Found mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a

Found mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b

Found mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87

Found mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d

Could not open reparse point C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.18289_none_a3eaaa60280446fc\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.18289_none_a3eaaa60280446fc: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.22470_none_a47616634121e3ed\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.22470_none_a47616634121e3ed: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.18065_none_a5e2bcde251dfc09\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.18065_none_a5e2bcde251dfc09: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.22172_none_a65e88df3e466bbf\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.22172_none_a65e88df3e466bbf: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18813_none_97c46c79ec9c8e1f\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18813_none_97c46c79ec9c8e1f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22903_none_9858d93105b211f8\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22903_none_9858d93105b211f8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18813_none_721afaae67ab3343\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.18813_none_721afaae67ab3343: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.22903_none_72af676580c0b71c\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_8.0.6001.22903_none_72af676580c0b71c: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18813_none_5731c1176d4fd579\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18813_none_5731c1176d4fd579: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22903_none_57c62dce86655952\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22903_none_57c62dce86655952: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18813_none_1fa4d94d07e07d14\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18813_none_1fa4d94d07e07d14

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18813_none_1fa4d94d07e07d14\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18813_none_1fa4d94d07e07d14

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22903_none_2039460420f600ed\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22903_none_2039460420f600ed

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22903_none_2039460420f600ed\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22903_none_2039460420f600ed

Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18813_none_42c7deea5049076a\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18813_none_42c7deea5049076a: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.22903_none_435c4ba1695e8b43\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.22903_none_435c4ba1695e8b43: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18813_none_f624673a37fc1de8\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18813_none_f624673a37fc1de8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18813_none_f624673a37fc1de8\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18813_none_f624673a37fc1de8

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22903_none_f6b8d3f15111a1c1\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22903_none_f6b8d3f15111a1c1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22903_none_f6b8d3f15111a1c1\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22903_none_f6b8d3f15111a1c1

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18813_none_731038fd60633f31\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18813_none_731038fd60633f31

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18813_none_731038fd60633f31\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18813_none_731038fd60633f31

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22903_none_73a4a5b47978c30a\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22903_none_73a4a5b47978c30a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22903_none_73a4a5b47978c30a\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22903_none_73a4a5b47978c30a

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18813_none_2a6e8493b00ba59f\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18813_none_2a6e8493b00ba59f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18813_none_2a6e8493b00ba59f\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18813_none_2a6e8493b00ba59f

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22903_none_2b02f14ac9212978\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22903_none_2b02f14ac9212978

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22903_none_2b02f14ac9212978\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22903_none_2b02f14ac9212978

Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18813_none_1a07bcca29f5b87d\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18813_none_1a07bcca29f5b87d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.22903_none_1a9c2981430b3c56\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.22903_none_1a9c2981430b3c56: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18813_none_fe736e6ecfcf28ff\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18813_none_fe736e6ecfcf28ff

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18813_none_fe736e6ecfcf28ff\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18813_none_fe736e6ecfcf28ff

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22903_none_ff07db25e8e4acd8\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22903_none_ff07db25e8e4acd8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22903_none_ff07db25e8e4acd8\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22903_none_ff07db25e8e4acd8

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15

Found mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\9a6ad7f28345b19bcd568f8004cca8e4\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee

Could not open reparse point C:\Windows\SoftwareDistribution\Download\c76925252b3c13d1c58d52dd806e5df5\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\c76925252b3c13d1c58d52dd806e5df5\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\c76925252b3c13d1c58d52dd806e5df5\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\c76925252b3c13d1c58d52dd806e5df5\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\c76925252b3c13d1c58d52dd806e5df5\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\c76925252b3c13d1c58d52dd806e5df5\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.16870_none_389b60c97fc740bd\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.16870_none_389b60c97fc740bd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.16870_none_389b60c97fc740bd\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.16870_none_389b60c97fc740bd

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21067_none_3936a7a898d6a939\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21067_none_3936a7a898d6a939

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21067_none_3936a7a898d6a939\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21067_none_3936a7a898d6a939

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18272_none_3a83a0037cec045c\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18272_none_3a83a0037cec045c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18272_none_3a83a0037cec045c\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18272_none_3a83a0037cec045c

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22450_none_3b20ddf895fb36bd\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22450_none_3b20ddf895fb36bd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22450_none_3b20ddf895fb36bd\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22450_none_3b20ddf895fb36bd

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.18051_none_3c7eb35f7a03056e\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.18051_none_3c7eb35f7a03056e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.18051_none_3c7eb35f7a03056e\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.18051_none_3c7eb35f7a03056e

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22152_none_3d095074931fbe8f\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22152_none_3d095074931fbe8f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22152_none_3d095074931fbe8f\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22152_none_3d095074931fbe8f

Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.16870_none_e4a4f2ddb3dfbcec\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.16870_none_e4a4f2ddb3dfbcec: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.21067_none_e54039bcccef2568\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.21067_none_e54039bcccef2568: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.18272_none_e68d3217b104808b\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.18272_none_e68d3217b104808b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22450_none_e72a700cca13b2ec\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22450_none_e72a700cca13b2ec: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.18051_none_e8884573ae1b819d\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.18051_none_e8884573ae1b819d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22152_none_e912e288c7383abe\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22152_none_e912e288c7383abe: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16870_none_7a810285659cf00c\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16870_none_7a810285659cf00c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16870_none_7a810285659cf00c\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16870_none_7a810285659cf00c

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21067_none_7b1c49647eac5888\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21067_none_7b1c49647eac5888

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21067_none_7b1c49647eac5888\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21067_none_7b1c49647eac5888

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18272_none_7c6941bf62c1b3ab\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18272_none_7c6941bf62c1b3ab

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18272_none_7c6941bf62c1b3ab\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18272_none_7c6941bf62c1b3ab

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22450_none_7d067fb47bd0e60c\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22450_none_7d067fb47bd0e60c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22450_none_7d067fb47bd0e60c\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22450_none_7d067fb47bd0e60c

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18051_none_7e64551b5fd8b4bd\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18051_none_7e64551b5fd8b4bd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18051_none_7e64551b5fd8b4bd\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18051_none_7e64551b5fd8b4bd

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22152_none_7eeef23078f56dde\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22152_none_7eeef23078f56dde

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22152_none_7eeef23078f56dde\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22152_none_7eeef23078f56dde

Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe460c0585503b5\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe460c0585503b5: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.21067_none_207fa79f71646c31\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.21067_none_207fa79f71646c31: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18272_none_21cc9ffa5579c754\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18272_none_21cc9ffa5579c754: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22450_none_2269ddef6e88f9b5\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22450_none_2269ddef6e88f9b5: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18051_none_23c7b3565290c866\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18051_none_23c7b3565290c866: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22152_none_2452506b6bad8187\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22152_none_2452506b6bad8187: 3
Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Found mount point : C:\Windows\SoftwareDistribution\ScanFile\ScanFile

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\ScanFile\ScanFile

Found mount point : C:\Windows\SQL9_KB948109_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SQL9_KB948109_ENU\hotfixas\files\files

Found mount point : C:\Windows\SQL9_KB948109_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SQL9_KB948109_ENU\hotfixdts\files\files

Found mount point : C:\Windows\SQL9_KB948109_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SQL9_KB948109_ENU\hotfixns\files\files

Found mount point : C:\Windows\SQL9_KB948109_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SQL9_KB948109_ENU\hotfixrs\files\files

Found mount point : C:\Windows\SQL9_KB948109_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SQL9_KB948109_ENU\hotfixsql\files\files

Found mount point : C:\Windows\SQL9_KB948109_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SQL9_KB948109_ENU\hotfixtools\files\files

Found mount point : C:\Windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Sun\Java\Deployment\Deployment

Found mount point : C:\Windows\System32\0409\0409

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\0409\0409

Found mount point : C:\Windows\System32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\Adobe\update\update

Found mount point : C:\Windows\System32\Branding\en-US\en-US

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\Branding\en-US\en-US

Found mount point : C:\Windows\System32\catroot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\catroot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}

Cannot access: C:\Windows\System32\cngaudit.dll

Attempting to restore permissions of : C:\Windows\System32\cngaudit.dll

[1] 2006-11-02 10:46:03 61952 C:\Windows\System32\cngaudit.dll ()

[2] 2006-11-02 10:46:03 11776 C:\Windows\System32\logevent.dll (Microsoft Corporation)

[1] 2006-11-02 10:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll (Microsoft Corporation)

Found mount point : C:\Windows\System32\com\dmp\dmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\com\dmp\dmp

Found mount point : C:\Windows\System32\config\Journal\Journal

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\config\Journal\Journal

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Messenger\Messenger

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Messenger\Messenger

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVGTOOLBAR\AVGTOOLBAR

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVGTOOLBAR\AVGTOOLBAR

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Roxio\MediaManager9\MediaManager9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Roxio\MediaManager9\MediaManager9

Found mount point : C:\Windows\System32\GroupPolicy\Machine\Machine

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\GroupPolicy\Machine\Machine

Found mount point : C:\Windows\System32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\inetsrv\inetsrv

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-09-07 19:11:54 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-09-07 19:11:54 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-09-07 19:12:18 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-09-07 19:12:15 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()

Cannot access: C:\Windows\System32\mrt.exe

Attempting to restore permissions of : C:\Windows\System32\mrt.exe

[1] 2009-07-30 01:49:14 24281536 C:\Windows\System32\mrt.exe (Microsoft Corporation)

[1] 2006-09-18 22:42:35 6757792 C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6000.16386_none_d159daa5e080a3a1\mrt.exe (Microsoft Corporation)

Found mount point : C:\Windows\System32\MUI\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\MUI\dispspec\dispspec

Found mount point : C:\Windows\System32\OEM\_FS_SWRINFO\_FS_SWRINFO

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\OEM\_FS_SWRINFO\_FS_SWRINFO

Found mount point : C:\Windows\System32\setup\en-US\en-US

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\setup\en-US\en-US

Found mount point : C:\Windows\System32\SMI\Manifests\Manifests

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\SMI\Manifests\Manifests

Found mount point : C:\Windows\System32\spool\drivers\IA64\IA64

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\spool\drivers\IA64\IA64

Found mount point : C:\Windows\System32\spool\drivers\x64\x64

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\spool\drivers\x64\x64

Found mount point : C:\Windows\System32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\spool\PRINTERS\PRINTERS

Found mount point : C:\Windows\System32\spool\SERVERS\SERVERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\spool\SERVERS\SERVERS

Found mount point : C:\Windows\System32\sysprep\_FS_SWRINFO\_FS_SWRINFO

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\sysprep\_FS_SWRINFO\_FS_SWRINFO

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\DiskDiagnostic

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\DiskDiagnostic

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\System

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\System

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter\SyncCenter

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter\SyncCenter

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar\WindowsCalendar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar\WindowsCalendar

Found mount point : C:\Windows\System32\wbem\MOF\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\wbem\MOF\bad\bad

Found mount point : C:\Windows\System32\wbem\MOF\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\wbem\MOF\good\good

Found mount point : C:\Windows\System32\WDI\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\WDI\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}

Cannot access: C:\Windows\System32\WerFault.exe

Attempting to restore permissions of : C:\Windows\System32\WerFault.exe

[1] 2006-11-02 10:45:54 216064 C:\Windows\System32\WerFault.exe (Microsoft Corporation)

[1] 2006-11-02 10:45:54 216064 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6000.16386_none_6dd05aa63fde4065\WerFault.exe (Microsoft Corporation)

Found mount point : C:\Windows\System32\winevt\TraceFormat\TraceFormat

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\winevt\TraceFormat\TraceFormat

Found mount point : C:\Windows\Temp\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}

Found mount point : C:\Windows\Temp\DWDE7BF.tmp\DWDE7BF.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\DWDE7BF.tmp\DWDE7BF.tmp

Found mount point : C:\Windows\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\Google Toolbar\Google Toolbar

Found mount point : C:\Windows\Temp\~msdt\tools\tools

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\~msdt\tools\tools

Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\tracing\tracing

Cannot access: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe

Attempting to restore permissions of : C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe

[1] 2006-11-02 10:45:14 623616 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe (Microsoft Corporation)

[1] 2007-11-22 18:58:44 625152 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16512_none_2d72f0251cde4150\iexplore.exe (Microsoft Corporation)

[1] 2007-11-22 19:02:57 625152 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16546_none_2d5681891cf2fa7f\iexplore.exe (Microsoft Corporation)

[1] 2008-05-28 18:27:10 625664 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe (Microsoft Corporation)

[1] 2008-09-04 20:24:50 625664 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\iexplore.exe (Microsoft Corporation)

[1] 2008-12-10 22:49:14 634024 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe (Microsoft Corporation)

[1] 2009-07-15 21:43:31 634648 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe (Microsoft Corporation)

[1] 2007-11-22 18:58:45 625152 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20627_none_2df6be7635ff7bbe\iexplore.exe (Microsoft Corporation)

[1] 2007-11-22 19:02:57 625152 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20663_none_2dc77d9e36238626\iexplore.exe (Microsoft Corporation)

[1] 2008-05-28 18:27:09 625664 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe (Microsoft Corporation)

[1] 2008-09-04 20:24:49 625664 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\iexplore.exe (Microsoft Corporation)

[1] 2008-12-10 22:49:13 634024 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe (Microsoft Corporation)

[1] 2009-07-15 21:43:30 634648 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe (Microsoft Corporation)

[1] 2009-07-15 21:43:13 634632 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe (Microsoft Corporation)

[1] 2009-07-15 21:43:13 634648 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe (Microsoft Corporation)

[1] 2009-03-08 22:09:24 638816 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe (Microsoft Corporation)

[1] 2009-07-21 22:53:43 638216 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe (Microsoft Corporation)

[1] 2009-07-22 07:04:09 638232 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe (Microsoft Corporation)

Finished!

Win32kDiag log, just running the other bits now. FYI, tried to abort the auto restart but it didn't work so doing this in safe mode with Networking

#8
whits

Posted 07 September 2009 - 12:32 PM

Member

Topic Starter
Member
21 posts

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\cngaudit.dll|C:\Windows\System32\cngaudit.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#9
whits

Posted 07 September 2009 - 01:06 PM

Member

Topic Starter
Member
21 posts

ComboFix 09-09-06.06 - Badger 07/09/2009 19:40.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3070.1808 [GMT 1:00]
Running from: c:\users\Badger\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1352612194-1282887977-565208807-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-696190702-4667156-31236781-500
c:\users\Badger\AppData\Roaming\020000006a83eecb651C.manifest
c:\users\Badger\AppData\Roaming\020000006a83eecb651O.manifest
c:\users\Badger\AppData\Roaming\020000006a83eecb651P.manifest
c:\users\Badger\AppData\Roaming\020000006a83eecb651S.manifest
c:\users\Badger\Badger .3gp
c:\users\Fatty\AppData\Roaming\020000006a83eecb651C.manifest
c:\users\Fatty\AppData\Roaming\020000006a83eecb651O.manifest
c:\users\Fatty\AppData\Roaming\020000006a83eecb651P.manifest
c:\users\Fatty\AppData\Roaming\020000006a83eecb651S.manifest
c:\windows\GnuHashes.ini
c:\windows\Installer\fd868.msi
c:\windows\jestertb.dll
c:\windows\run.log
c:\windows\system32\bGnYbLnc2qYXf.vbs
c:\windows\system32\drivers\kbiwkmmmtpebpf.sys
c:\windows\system32\kbiwkmbkqfytiu.dat
c:\windows\system32\kbiwkmdlbwnskv.dat
c:\windows\system32\kbiwkmguoipjgb.dll
c:\windows\system32\kbiwkmskbojbow.dll
c:\windows\system32\net.net
c:\windows\system32\qE40W.vbs
c:\windows\system32\U1j4D1veBKcDm.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmirlafdsm
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_kbiwkmirlafdsm

((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-07 18:46 . 2009-09-07 18:51 -------- d-----w- c:\users\Badger\AppData\Local\temp
2009-09-07 18:46 . 2009-09-07 18:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-09-07 18:46 . 2009-09-07 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-07 18:46 . 2009-09-07 18:46 -------- d-----w- c:\users\Fatty\AppData\Local\temp
2009-09-06 16:59 . 2009-09-06 16:59 -------- d-----w- c:\users\Fatty\AppData\Local\VirtualStore
2009-09-03 06:34 . 2009-09-03 06:35 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-02 20:42 . 2009-09-02 20:42 -------- d-----w- c:\windows\McAfee.com
2009-09-02 19:52 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 19:51 . 2009-09-02 19:55 -------- d-----w- c:\program files\123
2009-09-02 19:51 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 19:11 . 2009-09-02 19:11 -------- d-----w- c:\users\Badger\AppData\Roaming\TeraCopy
2009-09-01 19:03 . 2009-09-02 19:32 -------- d-----w- c:\program files\a-squared Free
2009-09-01 18:39 . 2009-09-01 18:39 -------- d-----w- c:\program files\Trend Micro
2009-09-01 18:38 . 2009-09-01 18:38 -------- d-----w- C:\New Folder
2009-09-01 18:38 . 2009-09-01 18:38 -------- d-----w- C:\hijack
2009-08-31 22:43 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-31 22:37 . 2009-06-10 12:16 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-31 22:37 . 2009-07-17 14:52 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-31 22:37 . 2009-06-04 12:47 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-08-31 22:37 . 2009-06-04 12:43 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-08-31 22:37 . 2009-06-04 12:36 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-08-31 22:37 . 2009-06-10 12:10 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-08-31 22:37 . 2009-06-10 12:10 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-08-31 22:37 . 2009-06-10 12:09 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-08-31 22:37 . 2009-06-10 12:07 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-08-31 22:37 . 2009-06-10 12:04 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-08-31 22:37 . 2009-06-10 12:04 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-08-31 20:42 . 2009-08-31 20:42 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-08-31 20:42 . 2009-08-31 20:42 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-08-31 20:42 . 2009-08-31 20:42 -------- d-----w- c:\program files\Prevx
2009-08-31 20:06 . 2009-08-31 20:11 -------- d-----w- c:\program files\Malwarebytes
2009-08-31 19:22 . 2009-09-03 06:36 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-31 19:22 . 2009-09-03 06:37 -------- d-----w- c:\users\Badger\.housecall6.6
2009-08-31 19:16 . 2009-09-02 19:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-31 19:16 . 2009-08-31 19:16 -------- d-----w- c:\users\Badger\AppData\Roaming\SUPERAntiSpyware.com
2009-08-30 18:44 . 2009-08-30 18:44 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-30 18:44 . 2009-08-30 18:44 -------- d-----w- c:\documents and settings\releaseengineer\Application Data\skypePM
2009-08-30 18:44 . 2009-08-30 18:44 -------- d-----w- c:\users\releaseengineer
2009-08-29 14:46 . 2009-08-29 14:46 -------- d-----w- c:\users\Guest\AppData\Local\Deployment
2009-08-29 14:46 . 2009-08-29 14:46 -------- d-----w- c:\users\Guest\AppData\Local\Apps
2009-08-28 14:25 . 2009-08-28 14:25 -------- d-----w- c:\users\Guest\AppData\Local\AVG Security Toolbar
2009-08-28 14:25 . 2009-08-28 14:25 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2009-08-26 19:34 . 2009-08-26 19:39 -------- d-----w- c:\users\Guest\AppData\Roaming\TeraCopy
2009-08-26 19:33 . 2009-08-26 19:33 -------- d-----w- c:\program files\TeraCopy
2009-08-25 20:59 . 2009-09-02 19:32 -------- d-----w- c:\program files\Common Files\Real
2009-08-13 09:59 . 2009-08-13 09:59 -------- d-----w- c:\program files\TomTom International B.V
2009-08-10 05:44 . 2009-08-10 05:44 -------- d-----w- C:\Kontiki
2009-08-09 13:47 . 2009-08-09 13:47 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 19:31 . 2009-04-27 16:07 -------- d-----w- c:\users\Fatty\AppData\Roaming\Move Networks
2009-09-01 20:22 . 2009-06-07 16:30 -------- d-----w- c:\users\Fatty\AppData\Roaming\Sports Interactive
2009-09-01 19:50 . 2008-11-16 15:31 -------- d-----w- c:\users\Badger\AppData\Roaming\Sports Interactive
2009-08-31 18:51 . 2008-05-28 16:36 1356 ----a-w- c:\users\Badger\AppData\Local\d3d9caps.dat
2009-08-31 13:33 . 2008-11-16 15:32 -------- d-----w- c:\program files\Steam
2009-08-31 11:28 . 2008-06-09 20:32 -------- d-----w- c:\users\Fatty\AppData\Roaming\Skype
2009-08-30 21:07 . 2008-11-16 15:33 -------- d-----w- c:\program files\Common Files\Steam
2009-08-28 20:54 . 2009-05-21 21:07 256 ----a-w- c:\windows\system32\pool.bin
2009-08-28 14:21 . 2009-01-06 22:28 48887 ----a-w- c:\users\Guest\AppData\Roaming\nvModes.dat
2009-08-27 04:13 . 2008-06-15 12:55 -------- d-----w- c:\users\Fatty\AppData\Roaming\LimeWire
2009-08-25 15:08 . 2009-08-06 20:06 -------- d-----w- c:\program files\Incomplete
2009-08-25 15:08 . 2008-06-15 12:50 -------- d-----w- c:\program files\LimeWire
2009-08-20 10:35 . 2008-07-24 19:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 10:35 . 2008-07-24 19:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 10:35 . 2008-07-24 19:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 19:13 . 2008-05-29 20:59 62903 ----a-w- c:\users\Fatty\AppData\Roaming\nvModes.dat
2009-08-15 09:21 . 2009-07-29 19:47 2119680 ----a-w- c:\users\Guest\AppData\Local\cooliris-win-ie-release-1.11.2.27471.en-US.msi
2009-08-13 09:59 . 2008-12-07 19:33 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-07 20:57 . 2009-08-07 20:57 -------- d-----w- c:\users\Badger\AppData\Roaming\Malwarebytes
2009-08-07 20:54 . 2009-08-07 20:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-31 21:07 . 2009-07-30 17:23 2119680 ----a-w- c:\users\Fatty\AppData\Local\cooliris-win-ie-release-1.11.2.27471.en-US.msi
2009-07-30 17:21 . 2009-07-29 20:48 -------- d-----w- c:\program files\Kontiki
2009-07-29 20:48 . 2009-07-29 20:48 -------- d-----w- c:\program files\Sky
2009-07-25 14:11 . 2009-07-25 14:10 -------- d-----w- c:\program files\iTunes
2009-07-25 14:11 . 2009-07-25 14:11 -------- d-----w- c:\program files\iPod
2009-07-25 14:10 . 2008-05-28 16:59 -------- d-----w- c:\program files\Common Files\Apple
2009-07-21 21:52 . 2009-08-31 22:36 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-31 22:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-31 22:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-31 22:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 19:23 . 2008-05-28 16:54 -------- d-----w- c:\program files\DAP
2009-07-19 17:33 . 2009-01-06 22:29 122672 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-19 10:04 . 2008-05-29 20:59 122672 ----a-w- c:\users\Fatty\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-18 23:44 . 2008-05-28 16:36 122672 ----a-w- c:\users\Badger\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-18 18:46 . 2007-11-22 19:57 -------- d-----w- c:\program files\Microsoft Works
2009-07-18 17:38 . 2009-07-18 17:38 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-07-18 17:38 . 2009-07-18 17:38 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-18 17:38 . 2009-07-18 17:38 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-18 17:38 . 2009-07-18 17:38 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-18 17:38 . 2009-07-18 17:38 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-18 17:38 . 2009-07-18 17:38 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-18 17:38 . 2009-07-18 17:38 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-18 17:37 . 2009-07-18 17:37 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-07-18 17:37 . 2009-07-18 17:37 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-07-18 17:37 . 2009-07-18 17:37 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-07-18 17:36 . 2009-07-18 17:36 696832 ----a-w- c:\windows\system32\localspl.dll
2009-07-18 17:34 . 2009-07-18 17:34 25600 ----a-w- c:\windows\system32\amxread.dll
2009-07-18 17:34 . 2009-07-18 17:34 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-07-15 21:07 . 2007-11-22 20:00 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-15 21:02 . 2009-07-15 21:02 290304 ----a-w- c:\windows\system32\drivers\srv.sys
2009-07-15 20:59 . 2009-07-15 20:59 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-15 20:59 . 2009-07-15 20:59 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-15 20:59 . 2009-07-15 20:59 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-15 20:59 . 2009-07-15 20:59 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-15 20:59 . 2009-07-15 20:59 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-15 20:59 . 2009-07-15 20:59 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-15 20:59 . 2009-07-15 20:59 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-15 20:45 . 2009-07-15 20:45 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-15 20:34 . 2009-07-15 20:34 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-07-14 13:02 . 2009-08-31 22:36 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 13:01 . 2009-08-31 22:36 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 13:00 . 2009-08-31 22:36 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 11:11 . 2009-08-31 22:36 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-11 12:53 . 2008-06-15 09:49 -------- d-----w- c:\program files\PicLensIE
2009-07-11 12:52 . 2009-04-15 17:48 2545152 ----a-w- c:\users\Fatty\AppData\Local\cooliris-win-ie-release-1.10.0.24532.en-US.msi
2009-07-07 19:31 . 2009-04-17 20:33 2545152 ----a-w- c:\users\Guest\AppData\Local\cooliris-win-ie-release-1.10.0.24532.en-US.msi
2009-07-07 17:53 . 2009-04-15 19:35 2545152 ----a-w- c:\users\Badger\AppData\Local\cooliris-win-ie-release-1.10.0.24532.en-US.msi
2009-07-06 20:56 . 2009-07-01 19:41 2118144 ----a-w- c:\users\Fatty\AppData\Local\cooliris-win-ie-release-1.11.0.26762.en-US.msi
2009-07-05 12:57 . 2009-07-05 12:57 2118144 ----a-w- c:\users\Guest\AppData\Local\cooliris-win-ie-release-1.11.0.26762.en-US.msi
2009-07-04 16:52 . 2008-05-28 16:35 109718 ----a-w- c:\users\Badger\AppData\Roaming\nvModes.dat
2009-07-01 17:52 . 2009-07-01 17:52 2118144 ----a-w- c:\users\Badger\AppData\Local\cooliris-win-ie-release-1.11.0.26762.en-US.msi
2009-06-15 18:12 . 2009-08-31 22:36 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-15 15:29 . 2009-08-31 22:36 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-06-15 15:28 . 2009-08-31 22:36 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-15 15:28 . 2009-08-31 22:36 272384 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:25 . 2009-08-31 22:36 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-15 15:23 . 2009-08-31 22:36 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-15 15:23 . 2009-08-31 22:36 494592 ----a-w- c:\windows\system32\kerberos.dll
2009-06-15 13:10 . 2009-08-31 22:36 7680 ----a-w- c:\windows\system32\lsass.exe
2008-12-12 19:00 . 2008-12-12 19:00 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-16 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-16 81920]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-25 4669440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Badger^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Belkin Network USB Hub Control Center.lnk]
path=c:\users\Badger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk
backup=c:\windows\pss\Belkin Network USB Hub Control Center.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3821344852-1932645738-410738641-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{646EC8B6-CBF0-4214-A377-E66BE7A074FE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F0DE75B4-0811-4407-9138-4814541F5F5B}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{7904BC33-79E3-432E-8344-54AB6A131382}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{0B1888CB-4022-4150-8FAF-67F2E1A51511}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{4774D844-2322-42CD-99ED-F61D7C7BDF2B}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{77A1FDA1-AF8C-4EF3-BD54-256D548F218E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5F01E458-30EE-4148-8D07-633F13BD2EA5}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{CF2AE205-4434-41EC-97DB-A2E2E4A0EBF2}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{6C3E5F38-27C4-4760-8573-447D47F5ACDB}c:\\program files\\dap\\dap.exe"= UDP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"UDP Query User{B209EF3A-DC81-4775-B02C-32B0BE6FF7A3}c:\\program files\\dap\\dap.exe"= TCP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"TCP Query User{8C0C2642-C12F-4844-B55D-AF194552C102}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D64A5193-74F1-4C3C-8892-B421A8993306}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DB0BB61F-DA2C-45E7-BDC6-CA20CC799AA4}c:\\program files\\abc\\abc.exe"= UDP:c:\program files\abc\abc.exe:abc
"UDP Query User{36625413-2FE2-4F1D-9729-58203F1FEB3B}c:\\program files\\abc\\abc.exe"= TCP:c:\program files\abc\abc.exe:abc
"{A25B3F1B-241B-4827-954F-1B2ED5B08F36}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6EDAD166-19AF-4A30-A730-6C24B953F8BF}"= UDP:c:\program files\Firefly Studios\Stronghold Crusader Extreme\Stronghold Crusader.exe:Stronghold Crusader Extreme
"{6BE52907-C9D9-4655-9D2A-36CFA261A70D}"= TCP:c:\program files\Firefly Studios\Stronghold Crusader Extreme\Stronghold Crusader.exe:Stronghold Crusader Extreme
"{6104FDE9-70B3-4298-A215-C4D854D3A966}"= UDP:c:\program files\Firefly Studios\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe:Stronghold Crusader Extreme
"{E6DC94BE-FDFF-44C9-ACB2-7CBFADA4A329}"= TCP:c:\program files\Firefly Studios\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe:Stronghold Crusader Extreme
"TCP Query User{0F527067-BC28-477D-AB8B-F4872C1A4B7B}c:\\program files\\intercasino £££\\casino.exe"= UDP:c:\program files\intercasino £££\casino.exe:Casino
"UDP Query User{BF125312-ECA5-4297-953E-38E059A6DDB6}c:\\program files\\intercasino £££\\casino.exe"= TCP:c:\program files\intercasino £££\casino.exe:Casino
"{6903588F-C9E8-494E-8D0B-31F8F0090E60}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15F129D5-4245-4AAB-8521-CEDB667DCF96}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F2EA5F2-7BCD-4204-8204-99CF6D91BFF8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5900BCA7-2E1F-47A5-BD0B-EB24D8E92B49}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{24C6A20E-A217-40BB-854A-A28E156F19F7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3F335909-83EE-4757-909E-4D11A8D062E4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{31B61F8A-E7E5-4AF7-81A4-6638AD9ACEF0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7B2295BA-062E-4D76-80FC-AE17F28D9D9C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7EE61446-310D-45B8-B611-153236DBBCA2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E90436D-86B9-42D0-B851-C5B108C60119}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5A2B7F0F-3E30-464B-B74C-7825772D8393}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3B246F60-5532-40EE-A4C2-2A53C5AA5667}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F99A48E0-A870-4B90-97CF-52DCECEC9766}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2733AEF1-2B6C-4ED7-BC58-1D1ADEFD8782}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{67301831-2AF3-4DC9-8DBB-E0E20E6AB1A4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A06C9A75-A24D-445E-8273-CD683677F9F2}f:\\utility\\easy_search.exe"= UDP:f:\utility\easy_search.exe:Easy Search Application
"UDP Query User{7DF1A0DE-111C-4D5E-8312-A4D16DFA9AB0}f:\\utility\\easy_search.exe"= TCP:f:\utility\easy_search.exe:Easy Search Application
"{CBE98687-1A3B-4587-B1A9-512708949DC3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FE2E5DCD-0001-4745-9414-A53EB48803DF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{23AEE0F8-0879-4C1C-AD1E-CD2BCCBAE4F4}"= UDP:c:\program files\Belkin\Network USB Hub Control Center\Connect.exe:Belkin Network USB Hub Control Center
"{68A093B8-9A20-4855-9E45-E9E02C04E69C}"= TCP:c:\program files\Belkin\Network USB Hub Control Center\Connect.exe:Belkin Network USB Hub Control Center
"{DD64298F-338C-4B58-BD5D-4191A3B85167}"= TCP:19540:SXUPTP
"{5235BADC-C70B-4D33-BE04-5FE1D4CDE5F1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9A1A244C-45B2-4255-B0F2-325758CE903C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CFD93DC4-4A7B-481B-AB4C-A0C6BAA7443E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{41558A7A-D7DC-4762-A3F9-4A58ADCAEE45}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F55E29E-C13D-4811-9285-DE7F0AE9406B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E14CE091-157D-415C-AB61-DCD5AE9A44D7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{501C091F-9C23-49FA-8DB6-1200FF50219B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{542A9C5C-7AA8-4FB4-9F7D-CFC3A5A50A2D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D9781021-CD04-4D04-8730-24A93634369F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4B1997B9-CD21-40E0-81F1-BD42AED00186}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F4122A5B-E177-4E30-B472-7A3C0A8B4155}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A52EE762-02A8-4DD7-B931-F50615F3362F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1E41A696-08D7-4768-9835-7AF5951EE327}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{5C171B43-3919-4EA2-9292-71ED7E088A31}c:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{642703C5-8D7B-476B-BCCE-8B1E9235E898}c:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{5E017264-CC17-454A-9AE5-1462701C61FD}c:\\program files\\belkin\\network usb hub control center\\connect.exe"= UDP:c:\program files\belkin\network usb hub control center\connect.exe:Belkin Network USB Hub Control Center
"UDP Query User{E49E3B7D-DAC2-4D39-A951-76CCB97FC474}c:\\program files\\belkin\\network usb hub control center\\connect.exe"= TCP:c:\program files\belkin\network usb hub control center\connect.exe:Belkin Network USB Hub Control Center
"{DF88D597-AE5F-46ED-B3D9-C1FE3D027230}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FB5DD31E-0E5E-40AB-817D-B4B7D2E66DE9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{FC0CE9FB-48C1-41D8-B078-FBEB2B5D0236}"= UDP:c:\program files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009
"{724122C3-934A-40D7-8B5A-E9289E56479E}"= TCP:c:\program files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009
"{A90FB7B3-3A1E-431E-A809-0170169C3D64}"= UDP:c:\program files\Steam\SteamApps\common\railroad tycoon 2 platinum\RT2_PLAT.EXE:Railroad Tycoon 2: Platinum
"{CA9476EE-A27A-4100-9990-10ECFE8C84C1}"= TCP:c:\program files\Steam\SteamApps\common\railroad tycoon 2 platinum\RT2_PLAT.EXE:Railroad Tycoon 2: Platinum

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [31/08/2009 21:42 22024]
R0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [31/08/2009 21:42 27656]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [24/07/2008 20:10 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [24/07/2008 20:09 297752]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 17:50 30312]
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [10/01/2008 16:55 204800]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 05:09 11032]
R2 sxuptp;SXUPTP Driver;c:\windows\System32\drivers\sxuptp.sys [04/03/2009 20:12 62464]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [07/08/2009 15:31 92008]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [22/11/2007 18:22 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [22/11/2007 18:21 812544]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [31/08/2009 21:42 4368952]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/11/2007 21:03 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31 29263712]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 21:22 34064]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [10/01/2008 16:44 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [10/01/2008 16:44 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [10/01/2008 16:44 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [10/01/2008 16:52 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [10/01/2008 16:52 79136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3821344852-1932645738-410738641-1004Core.job
- c:\users\Fatty\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-28 15:27]

2009-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3821344852-1932645738-410738641-1004UA.job
- c:\users\Fatty\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-28 15:27]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.igoogle.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: {A43E53BB-5A86-4ACB-B0E0-CC90180594AE} = 192.168.0.1
FF - ProfilePath - c:\users\Badger\AppData\Roaming\Mozilla\Firefox\Profiles\dcgu5g1i.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 19:51
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3821344852-1932645738-410738641-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1f,8e,f2,a9,54,31,bf,32,5d,97,89,44,4e,a3,d0,c7,80,9f,71,b9,ca,3a,f1,
31,2f,f0,c2,11,15,2e,f8,c8,1f,10,4c,b4,6b,8a,83,84,b4,a3,da,6c,4c,ac,fd,d0,\
"??"=hex:b6,e1,31,ba,e1,96,a7,d2,68,d1,c2,5e,71,f1,f4,54

[HKEY_USERS\S-1-5-21-3821344852-1932645738-410738641-1003\Software\SecuROM\License information*]
"datasecu"=hex:2f,21,1b,ca,58,be,c7,72,98,48,d4,47,9b,82,b7,55,4d,60,bd,ac,8e,
1f,c5,60,37,2d,e2,fa,0f,88,9c,9a,2a,f1,86,ce,a7,b1,35,8c,4b,22,0b,41,8d,c1,\
"rkeysecu"=hex:39,03,a9,18,59,dc,b1,86,b5,13,6c,77,bd,a5,f3,6e

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1124)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Kontiki\KService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-09-07 19:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-07 18:57

Pre-Run: 120,355,667,968 bytes free
Post-Run: 120,623,022,080 bytes free

438 --- E O F --- 2009-08-31 22:44

Good news, the computer is now booting into standard mode without any issue. is there anything else i need to follow to ensure the computer is clean??

Thank you very much for your help so far!!

#10
NeonFx

Posted 07 September 2009 - 01:09 PM

Malware Removal Dude

Expert
3,798 posts

Let me review the logs and I'll get back to you. We're still not done, but I'm glad you got into Normal mode now

#11
NeonFx

Posted 07 September 2009 - 01:39 PM

Malware Removal Dude

Expert
3,798 posts

Alright, please do the following:

STEP 1

Run Malwarebytes AntiMalware and update it by clicking on the "Update" tab at the top.

Run a Quick Scan of your system.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

STEP 2

Please click here to download AVP Tool by Kaspersky.

Save it to your desktop.
Reboot your computer into SafeMode.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.
Double click the setup file to run it.
Click Next to continue.
It will by default install it to your desktop folder.Click Next.
Hit ok at the prompt for scanning in Safe Mode.
It will then open a box There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked.

System Memory
Startup Objects
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

Then click on Scan at the to right hand Corner.
It will automatically Neutralize any objects found.
If some objects are left un-neutralized then click the button that says Neutralize all
If it says it cannot be Neutralized then chooose The delete option when prompted.
After that is done click on the reports button at the bottom and save it to file name it Kas.
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

#12
whits

Posted 07 September 2009 - 02:01 PM

Member

Topic Starter
Member
21 posts

07/09/2009 21:00:56
mbam-log-2009-09-07 (21-00-56).txt

Scan type: Quick Scan
Objects scanned: 111326
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13
NeonFx

Posted 08 September 2009 - 12:10 AM

Malware Removal Dude

Expert
3,798 posts

The link we use for AVP is down. If you have problems downloading it use this one and click on the "Free Download" button.

#14
whits

Posted 08 September 2009 - 12:28 AM

Member

Topic Starter
Member
21 posts

Hi neon, don't worry I got it last night, it's still running (7 am over here) I will check it when I get back from work.

#15
NeonFx

Posted 08 September 2009 - 12:30 AM

Malware Removal Dude

Expert
3,798 posts

Alright. I've seen the online version take 35 hours one time. I'm sorry about how long it takes but its the best scanner around to be absolutely sure you're clean.

Edited by NeonFx, 08 September 2009 - 12:31 AM.