View Full Version : Need help - infected PC
scotsking
2009-11-16, 22:09
Original post in wrong forum - sorry
I have a pc with a problem. All started when IE stopped working prsented with message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."
This message also came up when trying to access spybot search & destroy & adaware. Still had internet access via mozilla.
Downloaded Virgin PC guard and tried to re-install spybot. Unable to reload spybot but loaded Vigin PC guard ok.
Ran the virus scan and cleared a couple of trojans. Ran the spyware portion of PC guard and left running. Came back to PC and programme no longer running. Tried to restart and was presented with the same message as with IE. Reinstalled PCGuard and left alone until now.
Can longer access internet at all. PC no longer showing netwotk connections. Also have error messages when opening microsoft programmes (Word & Excel).
PC is running XP media edition service pack 3.
have access to internet via laptop on windows 2000 and able to transfer data accross using external harddrive.
Thanks in advance
Hi,
Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
scotsking
2009-11-21, 23:37
Running from: E:\Win32kDiag.exe
Log file at : C:\Documents and Settings\Shirley King\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB969947\KB969947
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\ehExtCOM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\ehiExtens
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\ehiwmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\ehiWUapi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\erdnt\erdnt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINNOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ErrorRep\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
[1] 2004-08-10 05:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-14 00:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()
[1] 2008-04-14 00:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4a78de12f193191bac68c80878ef4c27\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\update\update.exe
[1] 2004-10-14 18:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 22:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 18:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 18:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 18:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 10:34:54 654848 C:\WINDOWS\$hf_mig$\KB887742\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 18:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 14:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 18:21:58 654848 C:\WINDOWS\$hf_mig$\KB890175\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 19:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 18:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 03:35:05 718048 C:\WINDOWS\$hf_mig$\KB896422\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 03:35:05 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 03:35:05 718048 C:\WINDOWS\$hf_mig$\KB896688\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 03:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 03:35:05 718048 C:\WINDOWS\$hf_mig$\KB899588\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB899589\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 03:35:05 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB901190\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 03:35:05 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 03:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)
[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB905915\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:28 716000 C:\WINDOWS\$hf_mig$\KB913446\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:28 716000 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB917422\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB917953\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB920214\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB921398\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:16:51 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB922616\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 17:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB923694\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB924191\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:16:51 716000 C:\WINDOWS\$hf_mig$\KB925486\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB931836\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation)
[1] 2006-01-19 19:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:56 716000 C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:56 716000 C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)
[1] 2007-12-03 15:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:56 716000 C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 07:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 07:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 07:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 13:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 13:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:56 716000 C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 11:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 07:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:56 716000 C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 17:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 01:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 07:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 07:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 07:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB968389\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 07:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB969059\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 07:38:29 755576 C:\WINDOWS\$hf_mig$\KB969897-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB971486\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 07:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB971961\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE7\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 13:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB973525\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 13:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB974112\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB974455-IE7\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB974571\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB975025\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\$hf_mig$\KB975467\update\update.exe (Microsoft Corporation)
[1] 2005-10-20 19:56:16 798720 C:\WINDOWS\ehome\Update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:28 716000 C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a\update\update.exe (Microsoft Corporation)
[1] 2005-10-12 23:12:29 716000 C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 11:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\update\update.exe ()
scotsking
2009-11-21, 23:37
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\5a0d771158cfd69be5ddd26d8f58c73b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-10 05:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 00:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 00:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 00:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
[2] 2008-04-14 00:11:53 56320 C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP316\A0090636.dll (Microsoft Corporation)
[2] 2008-04-14 00:11:53 56320 C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP316\A0090637.dll (Microsoft Corporation)
[1] 2004-08-10 05:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\MRT.exe
[1] 2009-11-05 17:36:21 26768832 C:\WINDOWS\system32\MRT.exe ()
[2] 2009-07-07 15:10:56 24539592 C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP300\A0084760.exe (Microsoft Corporation)
[2] 2009-07-30 00:49:14 24281536 C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP308\A0086332.exe (Microsoft Corporation)
[2] 2009-08-28 21:38:20 24689600 C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP314\A0089123.exe (Microsoft Corporation)
[2] 2009-10-02 18:01:57 25198016 C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP329\A0093695.exe (Microsoft Corporation)
[1] 2006-02-07 21:28:40 4513120 C:\i386\MRT.exe (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\svchost.exe
[1] 2004-08-10 05:00:00 14336 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe (Microsoft Corporation)
[1] 2008-04-14 00:12:36 14336 C:\WINDOWS\ServicePackFiles\i386\svchost.exe (Microsoft Corporation)
[1] 2008-04-14 00:12:36 14336 C:\WINDOWS\system32\svchost.exe ()
[1] 2004-08-10 05:00:00 14336 C:\i386\svchost.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\Temp\CTJBNS\Copy\Copy
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\CTJBNS\Excute\Excute
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\History\Results\Results
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00000\MCE00000
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00001\MCE00001
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00002\MCE00002
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00003\MCE00003
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00004\MCE00004
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00005\MCE00005
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00006\MCE00006
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00007\MCE00007
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00008\MCE00008
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00009\MCE00009
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0000a\MCE0000a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0000b\MCE0000b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0000c\MCE0000c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0000d\MCE0000d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0000e\MCE0000e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0000f\MCE0000f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00010\MCE00010
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00011\MCE00011
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00012\MCE00012
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00013\MCE00013
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00014\MCE00014
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00015\MCE00015
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00016\MCE00016
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00017\MCE00017
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00018\MCE00018
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00019\MCE00019
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0001a\MCE0001a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0001b\MCE0001b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0001c\MCE0001c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0001d\MCE0001d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0001e\MCE0001e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0001f\MCE0001f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00020\MCE00020
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00021\MCE00021
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00022\MCE00022
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00023\MCE00023
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00024\MCE00024
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00025\MCE00025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00026\MCE00026
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00027\MCE00027
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00028\MCE00028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00029\MCE00029
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0002a\MCE0002a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0002b\MCE0002b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0002c\MCE0002c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0002d\MCE0002d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0002e\MCE0002e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0002f\MCE0002f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00030\MCE00030
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00031\MCE00031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00032\MCE00032
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00033\MCE00033
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00034\MCE00034
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00035\MCE00035
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00036\MCE00036
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00037\MCE00037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00038\MCE00038
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00039\MCE00039
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0003a\MCE0003a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0003b\MCE0003b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0003c\MCE0003c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0003d\MCE0003d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0003e\MCE0003e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0003f\MCE0003f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00040\MCE00040
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00041\MCE00041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00042\MCE00042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00043\MCE00043
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00044\MCE00044
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00045\MCE00045
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00046\MCE00046
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00047\MCE00047
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00048\MCE00048
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00049\MCE00049
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0004a\MCE0004a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0004b\MCE0004b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0004c\MCE0004c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0004d\MCE0004d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0004e\MCE0004e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0004f\MCE0004f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00050\MCE00050
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00051\MCE00051
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00052\MCE00052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00053\MCE00053
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00054\MCE00054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00055\MCE00055
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00056\MCE00056
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00057\MCE00057
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00058\MCE00058
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00059\MCE00059
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0005a\MCE0005a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0005b\MCE0005b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0005c\MCE0005c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0005d\MCE0005d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0005e\MCE0005e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0005f\MCE0005f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00060\MCE00060
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00061\MCE00061
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00062\MCE00062
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00063\MCE00063
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00064\MCE00064
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00065\MCE00065
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00066\MCE00066
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00067\MCE00067
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00068\MCE00068
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00069\MCE00069
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0006a\MCE0006a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0006b\MCE0006b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0006c\MCE0006c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0006d\MCE0006d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0006e\MCE0006e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0006f\MCE0006f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00070\MCE00070
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00071\MCE00071
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00072\MCE00072
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00073\MCE00073
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00074\MCE00074
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00075\MCE00075
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00076\MCE00076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00077\MCE00077
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00078\MCE00078
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00079\MCE00079
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0007a\MCE0007a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0007b\MCE0007b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0007c\MCE0007c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0007d\MCE0007d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0007e\MCE0007e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0007f\MCE0007f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00080\MCE00080
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00081\MCE00081
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00082\MCE00082
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00083\MCE00083
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00084\MCE00084
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00085\MCE00085
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00086\MCE00086
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00087\MCE00087
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00088\MCE00088
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00089\MCE00089
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0008a\MCE0008a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0008b\MCE0008b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0008c\MCE0008c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0008d\MCE0008d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0008e\MCE0008e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0008f\MCE0008f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00090\MCE00090
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00091\MCE00091
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00092\MCE00092
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00093\MCE00093
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00094\MCE00094
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00095\MCE00095
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00096\MCE00096
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00097\MCE00097
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00098\MCE00098
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00099\MCE00099
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0009a\MCE0009a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0009b\MCE0009b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0009c\MCE0009c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0009d\MCE0009d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0009e\MCE0009e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0009f\MCE0009f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000a0\MCE000a0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000a1\MCE000a1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000a2\MCE000a2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000a3\MCE000a3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000a4\MCE000a4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000a5\MCE000a5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000a6\MCE000a6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000a7\MCE000a7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000a8\MCE000a8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000a9\MCE000a9
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000aa\MCE000aa
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ab\MCE000ab
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ac\MCE000ac
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ad\MCE000ad
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ae\MCE000ae
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000af\MCE000af
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000b0\MCE000b0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000b1\MCE000b1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000b2\MCE000b2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000b3\MCE000b3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000b4\MCE000b4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000b5\MCE000b5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000b6\MCE000b6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000b7\MCE000b7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000b8\MCE000b8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000b9\MCE000b9
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ba\MCE000ba
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000bb\MCE000bb
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000bc\MCE000bc
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000bd\MCE000bd
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000be\MCE000be
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000bf\MCE000bf
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000c0\MCE000c0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000c1\MCE000c1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000c2\MCE000c2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000c3\MCE000c3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000c4\MCE000c4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000c5\MCE000c5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000c6\MCE000c6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000c7\MCE000c7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000c8\MCE000c8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000c9\MCE000c9
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ca\MCE000ca
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000cb\MCE000cb
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000cc\MCE000cc
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000cd\MCE000cd
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ce\MCE000ce
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000cf\MCE000cf
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000d0\MCE000d0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000d1\MCE000d1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000d2\MCE000d2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000d3\MCE000d3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000d4\MCE000d4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000d5\MCE000d5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000d6\MCE000d6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000d7\MCE000d7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000d8\MCE000d8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000d9\MCE000d9
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000da\MCE000da
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000db\MCE000db
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000dc\MCE000dc
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000dd\MCE000dd
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000de\MCE000de
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000df\MCE000df
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000e0\MCE000e0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000e1\MCE000e1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000e2\MCE000e2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000e3\MCE000e3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000e4\MCE000e4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000e5\MCE000e5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000e6\MCE000e6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000e7\MCE000e7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000e8\MCE000e8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000e9\MCE000e9
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ea\MCE000ea
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000eb\MCE000eb
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ec\MCE000ec
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ed\MCE000ed
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ee\MCE000ee
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ef\MCE000ef
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000f0\MCE000f0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000f1\MCE000f1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000f2\MCE000f2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000f3\MCE000f3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000f4\MCE000f4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000f5\MCE000f5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000f6\MCE000f6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000f7\MCE000f7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000f8\MCE000f8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000f9\MCE000f9
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000fa\MCE000fa
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000fb\MCE000fb
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000fc\MCE000fc
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000fd\MCE000fd
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000fe\MCE000fe
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000ff\MCE000ff
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00100\MCE00100
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00101\MCE00101
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00102\MCE00102
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00103\MCE00103
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00104\MCE00104
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00105\MCE00105
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00106\MCE00106
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00107\MCE00107
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00108\MCE00108
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00109\MCE00109
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0010a\MCE0010a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0010b\MCE0010b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0010c\MCE0010c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0010d\MCE0010d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0010e\MCE0010e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0010f\MCE0010f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00110\MCE00110
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00111\MCE00111
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00112\MCE00112
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00113\MCE00113
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00114\MCE00114
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00115\MCE00115
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00116\MCE00116
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00117\MCE00117
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00118\MCE00118
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00119\MCE00119
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0011a\MCE0011a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0011b\MCE0011b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0011c\MCE0011c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0011d\MCE0011d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0011e\MCE0011e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0011f\MCE0011f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00120\MCE00120
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00121\MCE00121
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00122\MCE00122
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00123\MCE00123
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00124\MCE00124
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00125\MCE00125
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00126\MCE00126
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00127\MCE00127
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00128\MCE00128
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00129\MCE00129
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012a\MCE0012a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012b\MCE0012b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012c\MCE0012c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012d\MCE0012d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012e\MCE0012e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012f\MCE0012f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00130\MCE00130
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00131\MCE00131
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00132\MCE00132
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00133\MCE00133
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00134\MCE00134
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00135\MCE00135
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00136\MCE00136
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00137\MCE00137
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00138\MCE00138
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00139\MCE00139
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0013a\MCE0013a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0013b\MCE0013b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0013c\MCE0013c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0013d\MCE0013d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0013e\MCE0013e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0013f\MCE0013f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00140\MCE00140
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00141\MCE00141
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00142\MCE00142
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00143\MCE00143
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00144\MCE00144
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00145\MCE00145
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00146\MCE00146
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00147\MCE00147
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00148\MCE00148
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00149\MCE00149
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0014a\MCE0014a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0014b\MCE0014b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0014c\MCE0014c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0014d\MCE0014d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0014e\MCE0014e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0014f\MCE0014f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00150\MCE00150
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00151\MCE00151
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00152\MCE00152
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00153\MCE00153
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00154\MCE00154
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00155\MCE00155
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00156\MCE00156
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00157\MCE00157
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00158\MCE00158
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00159\MCE00159
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0015a\MCE0015a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0015b\MCE0015b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0015c\MCE0015c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0015d\MCE0015d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0015e\MCE0015e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0015f\MCE0015f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00160\MCE00160
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00161\MCE00161
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00162\MCE00162
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00163\MCE00163
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00164\MCE00164
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00165\MCE00165
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00166\MCE00166
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00167\MCE00167
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00168\MCE00168
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00169\MCE00169
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0016a\MCE0016a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0016b\MCE0016b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0016c\MCE0016c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0016d\MCE0016d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0016e\MCE0016e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0016f\MCE0016f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00170\MCE00170
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00171\MCE00171
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00172\MCE00172
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00173\MCE00173
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00174\MCE00174
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00175\MCE00175
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00176\MCE00176
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00177\MCE00177
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00178\MCE00178
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00179\MCE00179
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0017a\MCE0017a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0017b\MCE0017b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0017c\MCE0017c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0017d\MCE0017d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0017e\MCE0017e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0017f\MCE0017f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00180\MCE00180
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00181\MCE00181
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00182\MCE00182
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00183\MCE00183
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00184\MCE00184
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00185\MCE00185
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00186\MCE00186
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00187\MCE00187
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00188\MCE00188
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00189\MCE00189
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0018a\MCE0018a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0018b\MCE0018b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0018c\MCE0018c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0018d\MCE0018d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0018e\MCE0018e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0018f\MCE0018f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00190\MCE00190
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00191\MCE00191
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00192\MCE00192
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00193\MCE00193
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00194\MCE00194
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00195\MCE00195
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00196\MCE00196
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00197\MCE00197
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00198\MCE00198
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00199\MCE00199
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0019a\MCE0019a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0019b\MCE0019b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0019c\MCE0019c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0019d\MCE0019d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0019e\MCE0019e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0019f\MCE0019f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001a0\MCE001a0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001a1\MCE001a1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001a2\MCE001a2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001a3\MCE001a3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001a4\MCE001a4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001a5\MCE001a5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001a6\MCE001a6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001a7\MCE001a7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001a8\MCE001a8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001a9\MCE001a9
Mount point destination : \Device\__max++>\^
Found mount pint : C:\WINDOWS\Temp\MCE001aa\MCE001aa
Mount point destination : \Device\__max++>\^
Found mount pint : C:\WINDOWS\Temp\MCE001ab\MCE001ab
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001ac\MCE001ac
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001ad\MCE001ad
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001ae\MCE001ae
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001af\MCE001af
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001b0\MCE001b0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001b1\MCE001b1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001b2\MCE001b2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001b3\MCE001b3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001b4\MCE001b4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001b5\MCE001b5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001b6\MCE001b6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001b7\MCE001b7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001b8\MCE001b8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001b9\MCE001b9
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001ba\MCE001ba
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001bb\MCE001bb
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001bc\MCE001bc
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001bd\MCE001bd
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001be\MCE001be
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001bf\MCE001bf
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001c0\MCE001c0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001c1\MCE001c1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE001c2\MCE001c2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Finished!
Hi again,
Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php).
Unzip/extract it to a folder on your desktop.
Double click on avenger.exe to run The Avenger.
Click OK.
Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
Files to move:
C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll
In the avenger window, click the Paste Script from Clipboard, http://img220.imageshack.us/img220/8923/pastets4.png button.
Click the Execute button.
You will be asked Are you sure you want to execute the current script?.
Click Yes.
You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
Click Yes.
Your PC will now be rebooted.
Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
Please post this log in your next reply.
scotsking
2009-11-22, 01:53
hi again
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.
Completed script processing.
*******************
Finished! Terminate.
Thanks for your help
Hi and thanks for the log :)
Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
scotsking
2009-11-22, 02:17
DDS (Ver_09-09-29.01) - NTFSx86
Run by Shirley King at 0:13:31.37 on 22/11/2009
Internet Explorer: 7.0.5730.11
============== Running Processes ===============
============== Pseudo HJT Report ===============
uStart Page = www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files\stopzilla!\toolbar\SZIESearchHook.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\toolbar\SZSG.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\virgin broadband\pcguard\pkR.dll
BHO: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {6BC5308C-CC79-4EEC-AB32-5AC866EDE457} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7C422B5F-0021-4C34-906D-4D1C32B863EA} - No File
BHO: {8F7BA1DE-ED6D-4510-AAA4-5656FF9B4F41} - No File
BHO: RepliGoIEHelperCtl Class: {91de4477-9cdc-4806-9bcb-28a963988e94} - c:\program files\cerience\repligo\RepliGoIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &RepliGo: {81f4066b-f330-4872-8094-3e9fbccec8c1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\toolbar\SZSG.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [V Stuff Backup] "c:\program files\virginmedia\v stuff backup\v_stuff_backup.exe" /delayed
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
mRun: [RepliGo Assistant] "c:\program files\cerience\repligo\RepliGoMon.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [HostManager] c:\program files\common files\aol\1183232413\ee\AOLSoftware.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate Page into English
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216545191984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} - hxxp://www.bootsdigitalphotocentre.com/wpp/boots/app/opcuploader.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\shirle~1\applic~1\mozilla\firefox\profiles\8rr57ers.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\stopzilla!\toolbar\extension\components\SiteGuardFF.dll
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virgin broadband\advisor\nprpspa.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
============= SERVICES / DRIVERS ===============
============== File Associations ===============
regfile=regedit.exe "%1" %*
=============== Created Last 30 ================
2009-11-21 13:07 664 a------- c:\windows\system32\d3d9caps.dat
2009-11-15 17:36 20 a------- c:\windows\system32\SYSTEM
2009-11-05 23:15 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
2009-11-05 23:15 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
2009-11-05 23:15 71,184 a------- c:\windows\system32\drivers\DefragFS.sys
2009-11-05 23:15 <DIR> --d----- c:\program files\Raxco
2009-11-05 23:12 <DIR> --d----- c:\program files\Virgin Broadband
2009-11-05 20:04 3,501,600 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-11-05 20:04 48,968 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-11-05 19:46 87,072 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-11-05 19:46 10,208 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-11-05 19:29 40 a------- c:\windows\system32\????????????????????????????????????g
2009-11-05 19:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Virgin Broadband
2009-11-03 17:18 384 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-03 17:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-11-03 17:16 <DIR> --d----- c:\program files\STOPzilla!
2009-11-03 17:16 <DIR> --d----- c:\program files\common files\iS3
2009-11-03 17:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-11-03 13:03 0 a------- c:\windows\win32k.sys
==================== Find3M ====================
2009-09-11 14:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-06 16:11 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-09-04 21:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 21:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 10:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18 634,648 a------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 08:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2006-10-10 21:13 100,448 a------- c:\program files\MC
2007-12-22 15:43 56 ---shr-- c:\windows\system32\8731209D39.sys
2008-08-03 15:11 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080320080804\index.dat
2008-08-03 12:41 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-08-03 12:41 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-08-03 12:41 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 0:14:00.84 ===============
scotsking
2009-11-22, 02:18
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
==== Disk Partitions =========================
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Adobe® Photoshop® Album Starter Edition 3.0
Andrea VoiceCenter
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARTEuro
ATI Control Panel
ATI Display Driver
Blade Runner
Bonjour
Corel Paint Shop Pro X
Corel Photo Album 6
Creative Jukebox Driver
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen Micro
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 5.0.0 (630)
Dell System Restore
Documents To Go
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan Assistant
EPSON Web-To-Page
ESPNMotion
ESPR220 User's Guide
First Step Guide
FLV Player 2.0 (build 25)
FUJIFILM FinePixViewer S Ver.2.1
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Image Converter Wide 1.2
ImageMixer VCD2
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iS3 STOPzilla Toolbar
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Kinoma Producer for Palm, Inc.
Learn2 Player (Uninstall Only)
LucasArts' Monkey 4
Macromedia Flash Player
MAGIX Movie Edit Pro 2005
Malwarebytes' Anti-Malware
MCU
Media Center Extender
Medieval II Total War
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Age of Empires II
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 99
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 7.0
Microsoft XML Parser
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Movie Joiner
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Myst V End Of Ages
MyWay Search Assistant
Otto
palmOne
PerfectDisk 2008
Picture Package
PIF DESIGNER
PL-2303 USB-to-Serial
QuickTime
RealPlayer
RepliGo Desktop (remove only)
RepliGo Viewer (remove only)
Rome - Total War - Gold Edition
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
RPS Burn
RPS CRT
RPS Diagnostic Utility
RPS Firewall
RPS Ksdk
RPS ParentalControl
RPS PerfectDiskStub
RPS PopupBlocker
RPS RpsCore
RPS SafeConnect
Safari
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sid Meier's Civilization 4
SmartSoft Video Converter
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sony USB Driver
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
SPC XL 2000
Spybot - Search & Destroy
Talex update utility
Talex update utility (C:\Program Files\Talex update utility\) #3
The Settlers - 10th Anniversary - Demo
THE SETTLERS - Rise of an Empire Demo
The Sims 2
Tiscali Internet
Tycoon City - New York
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
V Stuff Backup v1.0.0.12705
Viewpoint Media Player
Virgin Broadband advisor 1.5.24
Virgin Broadband PCguard
Wanadoo Europe Installer
Watson
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
World of Warcraft Trial
Xfire (remove only)
Yahoo! Toolbar
==== End Of File ===========================
Thanks
scotsking
2009-11-22, 03:30
Hi Blade
forgot to post this one
Running from: E:\win32kdiag.exe
Log file at : C:\Documents and Settings\Shirley King\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899
Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496
Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338
Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784
Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168
Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729
Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Found mount point : C:\WINDOWS\$hf_mig$\KB969947\KB969947
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB969947\KB969947
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\BDATunePIA\BDATunePIA
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\ehCIR
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehcommon\ehcommon
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\ehepgdat
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\ehExtCOM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtCOM\ehExtCOM
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehExtHost\ehExtHost
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtCOM\ehiExtCOM
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\ehiExtens
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiExtens\ehiExtens
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiMsgr\ehiMsgr
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\ehiProxy
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiUserXp\ehiUserXp
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiVidCtl\ehiVidCtl
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\ehiwmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiwmp\ehiwmp
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\ehiWUapi
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiWUapi\ehiWUapi
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\ehRecObj
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.MediaCenter\Microsoft.MediaCenter
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\temp\temp
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Found mount point : C:\WINDOWS\erdnt\erdnt
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\erdnt\erdnt
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ftpcache\ftpcache
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp\applets\applets
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp98\imejp98
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\classes\classes
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\trustlib\trustlib
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo
Found mount point : C:\WINDOWS\pchealth\ErrorRep\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ErrorRep\UserDumps\UserDumps
Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PIF\PIF
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4a78de12f193191bac68c80878ef4c27\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4a78de12f193191bac68c80878ef4c27\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\backup\backup
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\update\update.exe
Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\b7b0631e184025ba37e5a4ec1d8637e7\update\update.exe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\5a0d771158cfd69be5ddd26d8f58c73b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\5a0d771158cfd69be5ddd26d8f58c73b
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Cannot access: C:\WINDOWS\system32\MRT.exe
Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe
Cannot access: C:\WINDOWS\system32\svchost.exe
Attempting to restore permissions of : C:\WINDOWS\system32\svchost.exe
Note: Granted Everyone Full Access to svchost.exe
Found mount point : C:\WINDOWS\Temp\CTJBNS\Copy\Copy
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\CTJBNS\Copy\Copy
Found mount point : C:\WINDOWS\Temp\CTJBNS\Excute\Excute
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\CTJBNS\Excute\Excute
Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar
Found mount point : C:\WINDOWS\Temp\History\Results\Results
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\History\Results\Results
Found mount point : C:\WINDOWS\Temp\MCE00000\MCE00000
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00000\MCE00000
Found mount point : C:\WINDOWS\Temp\MCE00001\MCE00001
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00001\MCE00001
Found mount point : C:\WINDOWS\Temp\MCE00002\MCE00002
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00002\MCE00002
Found mount point : C:\WINDOWS\Temp\MCE00003\MCE00003
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00003\MCE00003
Found mount point : C:\WINDOWS\Temp\MCE00004\MCE00004
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00004\MCE00004
Found mount point : C:\WINDOWS\Temp\MCE00005\MCE00005
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00005\MCE00005
Found mount point : C:\WINDOWS\Temp\MCE00006\MCE00006
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00006\MCE00006
Found mount point : C:\WINDOWS\Temp\MCE00007\MCE00007
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00007\MCE00007
Found mount point : C:\WINDOWS\Temp\MCE00008\MCE00008
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00008\MCE00008
Found mount point : C:\WINDOWS\Temp\MCE00009\MCE00009
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00009\MCE00009
Found mount point : C:\WINDOWS\Temp\MCE0000a\MCE0000a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0000a\MCE0000a
Found mount point : C:\WINDOWS\Temp\MCE0000b\MCE0000b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0000b\MCE0000b
Found mount point : C:\WINDOWS\Temp\MCE0000c\MCE0000c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0000c\MCE0000c
Found mount point : C:\WINDOWS\Temp\MCE0000d\MCE0000d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0000d\MCE0000d
Found mount point : C:\WINDOWS\Temp\MCE0000e\MCE0000e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0000e\MCE0000e
Found mount point : C:\WINDOWS\Temp\MCE0000f\MCE0000f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0000f\MCE0000f
Found mount point : C:\WINDOWS\Temp\MCE00010\MCE00010
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00010\MCE00010
Found mount point : C:\WINDOWS\Temp\MCE00011\MCE00011
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00011\MCE00011
Found mount point : C:\WINDOWS\Temp\MCE00012\MCE00012
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00012\MCE00012
Found mount point : C:\WINDOWS\Temp\MCE00013\MCE00013
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00013\MCE00013
Found mount point : C:\WINDOWS\Temp\MCE00014\MCE00014
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00014\MCE00014
Found mount point : C:\WINDOWS\Temp\MCE00015\MCE00015
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00015\MCE00015
Found mount point : C:\WINDOWS\Temp\MCE00016\MCE00016
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00016\MCE00016
Found mount point : C:\WINDOWS\Temp\MCE00017\MCE00017
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00017\MCE00017
Found mount point : C:\WINDOWS\Temp\MCE00018\MCE00018
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00018\MCE00018
Found mount point : C:\WINDOWS\Temp\MCE00019\MCE00019
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00019\MCE00019
Found mount point : C:\WINDOWS\Temp\MCE0001a\MCE0001a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0001a\MCE0001a
Found mount point : C:\WINDOWS\Temp\MCE0001b\MCE0001b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0001b\MCE0001b
Found mount point : C:\WINDOWS\Temp\MCE0001c\MCE0001c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0001c\MCE0001c
Found mount point : C:\WINDOWS\Temp\MCE0001d\MCE0001d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0001d\MCE0001d
Found mount point : C:\WINDOWS\Temp\MCE0001e\MCE0001e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0001e\MCE0001e
Found mount point : C:\WINDOWS\Temp\MCE0001f\MCE0001f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0001f\MCE0001f
Found mount point : C:\WINDOWS\Temp\MCE00020\MCE00020
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00020\MCE00020
Found mount point : C:\WINDOWS\Temp\MCE00021\MCE00021
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00021\MCE00021
Found mount point : C:\WINDOWS\Temp\MCE00022\MCE00022
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00022\MCE00022
Found mount point : C:\WINDOWS\Temp\MCE00023\MCE00023
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00023\MCE00023
Found mount point : C:\WINDOWS\Temp\MCE00024\MCE00024
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00024\MCE00024
Found mount point : C:\WINDOWS\Temp\MCE00025\MCE00025
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00025\MCE00025
Found mount point : C:\WINDOWS\Temp\MCE00026\MCE00026
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00026\MCE00026
Found mount point : C:\WINDOWS\Temp\MCE00027\MCE00027
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00027\MCE00027
Found mount point : C:\WINDOWS\Temp\MCE00028\MCE00028
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00028\MCE00028
Found mount point : C:\WINDOWS\Temp\MCE00029\MCE00029
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00029\MCE00029
Found mount point : C:\WINDOWS\Temp\MCE0002a\MCE0002a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0002a\MCE0002a
Found mount point : C:\WINDOWS\Temp\MCE0002b\MCE0002b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0002b\MCE0002b
Found mount point : C:\WINDOWS\Temp\MCE0002c\MCE0002c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0002c\MCE0002c
Found mount point : C:\WINDOWS\Temp\MCE0002d\MCE0002d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0002d\MCE0002d
Found mount point : C:\WINDOWS\Temp\MCE0002e\MCE0002e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0002e\MCE0002e
Found mount point : C:\WINDOWS\Temp\MCE0002f\MCE0002f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0002f\MCE0002f
Found mount point : C:\WINDOWS\Temp\MCE00030\MCE00030
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00030\MCE00030
Found mount point : C:\WINDOWS\Temp\MCE00031\MCE00031
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00031\MCE00031
Found mount point : C:\WINDOWS\Temp\MCE00032\MCE00032
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00032\MCE00032
Found mount point : C:\WINDOWS\Temp\MCE00033\MCE00033
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00033\MCE00033
Found mount point : C:\WINDOWS\Temp\MCE00034\MCE00034
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00034\MCE00034
Found mount point : C:\WINDOWS\Temp\MCE00035\MCE00035
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00035\MCE00035
Found mount point : C:\WINDOWS\Temp\MCE00036\MCE00036
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00036\MCE00036
Found mount point : C:\WINDOWS\Temp\MCE00037\MCE00037
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00037\MCE00037
Found mount point : C:\WINDOWS\Temp\MCE00038\MCE00038
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00038\MCE00038
Found mount point : C:\WINDOWS\Temp\MCE00039\MCE00039
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00039\MCE00039
Found mount point : C:\WINDOWS\Temp\MCE0003a\MCE0003a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0003a\MCE0003a
Found mount point : C:\WINDOWS\Temp\MCE0003b\MCE0003b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0003b\MCE0003b
Found mount point : C:\WINDOWS\Temp\MCE0003c\MCE0003c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0003c\MCE0003c
Found mount point : C:\WINDOWS\Temp\MCE0003d\MCE0003d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0003d\MCE0003d
Found mount point : C:\WINDOWS\Temp\MCE0003e\MCE0003e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0003e\MCE0003e
Found mount point : C:\WINDOWS\Temp\MCE0003f\MCE0003f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0003f\MCE0003f
Found mount point : C:\WINDOWS\Temp\MCE00040\MCE00040
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00040\MCE00040
Found mount point : C:\WINDOWS\Temp\MCE00041\MCE00041
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00041\MCE00041
Found mount point : C:\WINDOWS\Temp\MCE00042\MCE00042
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00042\MCE00042
Found mount point : C:\WINDOWS\Temp\MCE00043\MCE00043
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00043\MCE00043
Found mount point : C:\WINDOWS\Temp\MCE00044\MCE00044
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00044\MCE00044
Found mount point : C:\WINDOWS\Temp\MCE00045\MCE00045
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00045\MCE00045
Found mount point : C:\WINDOWS\Temp\MCE00046\MCE00046
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00046\MCE00046
Found mount point : C:\WINDOWS\Temp\MCE00047\MCE00047
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00047\MCE00047
Found mount point : C:\WINDOWS\Temp\MCE00048\MCE00048
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00048\MCE00048
Found mount point : C:\WINDOWS\Temp\MCE00049\MCE00049
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00049\MCE00049
Found mount point : C:\WINDOWS\Temp\MCE0004a\MCE0004a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0004a\MCE0004a
Found mount point : C:\WINDOWS\Temp\MCE0004b\MCE0004b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0004b\MCE0004b
Found mount point : C:\WINDOWS\Temp\MCE0004c\MCE0004c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0004c\MCE0004c
Found mount point : C:\WINDOWS\Temp\MCE0004d\MCE0004d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0004d\MCE0004d
Found mount point : C:\WINDOWS\Temp\MCE0004e\MCE0004e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0004e\MCE0004e
Found mount point : C:\WINDOWS\Temp\MCE0004f\MCE0004f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0004f\MCE0004f
Found mount point : C:\WINDOWS\Temp\MCE00050\MCE00050
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00050\MCE00050
Found mount point : C:\WINDOWS\Temp\MCE00051\MCE00051
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00051\MCE00051
Found mount point : C:\WINDOWS\Temp\MCE00052\MCE00052
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00052\MCE00052
Found mount point : C:\WINDOWS\Temp\MCE00053\MCE00053
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00053\MCE00053
Found mount point : C:\WINDOWS\Temp\MCE00054\MCE00054
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00054\MCE00054
Found mount point : C:\WINDOWS\Temp\MCE00055\MCE00055
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00055\MCE00055
Found mount point : C:\WINDOWS\Temp\MCE00056\MCE00056
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00056\MCE00056
Found mount point : C:\WINDOWS\Temp\MCE00057\MCE00057
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00057\MCE00057
Found mount point : C:\WINDOWS\Temp\MCE00058\MCE00058
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00058\MCE00058
Found mount point : C:\WINDOWS\Temp\MCE00059\MCE00059
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00059\MCE00059
Found mount point : C:\WINDOWS\Temp\MCE0005a\MCE0005a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0005a\MCE0005a
Found mount point : C:\WINDOWS\Temp\MCE0005b\MCE0005b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0005b\MCE0005b
Found mount point : C:\WINDOWS\Temp\MCE0005c\MCE0005c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0005c\MCE0005c
Found mount point : C:\WINDOWS\Temp\MCE0005d\MCE0005d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0005d\MCE0005d
Found mount point : C:\WINDOWS\Temp\MCE0005e\MCE0005e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0005e\MCE0005e
Found mount point : C:\WINDOWS\Temp\MCE0005f\MCE0005f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0005f\MCE0005f
Found mount point : C:\WINDOWS\Temp\MCE00060\MCE00060
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00060\MCE00060
Found mount point : C:\WINDOWS\Temp\MCE00061\MCE00061
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00061\MCE00061
Found mount point : C:\WINDOWS\Temp\MCE00062\MCE00062
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00062\MCE00062
Found mount point : C:\WINDOWS\Temp\MCE00063\MCE00063
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00063\MCE00063
Found mount point : C:\WINDOWS\Temp\MCE00064\MCE00064
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00064\MCE00064
Found mount point : C:\WINDOWS\Temp\MCE00065\MCE00065
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00065\MCE00065
Found mount point : C:\WINDOWS\Temp\MCE00066\MCE00066
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00066\MCE00066
Found mount point : C:\WINDOWS\Temp\MCE00067\MCE00067
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00067\MCE00067
Found mount point : C:\WINDOWS\Temp\MCE00068\MCE00068
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00068\MCE00068
Found mount point : C:\WINDOWS\Temp\MCE00069\MCE00069
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00069\MCE00069
Found mount point : C:\WINDOWS\Temp\MCE0006a\MCE0006a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0006a\MCE0006a
Found mount point : C:\WINDOWS\Temp\MCE0006b\MCE0006b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0006b\MCE0006b
Found mount point : C:\WINDOWS\Temp\MCE0006c\MCE0006c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0006c\MCE0006c
Found mount point : C:\WINDOWS\Temp\MCE0006d\MCE0006d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0006d\MCE0006d
Found mount point : C:\WINDOWS\Temp\MCE0006e\MCE0006e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0006e\MCE0006e
Found mount point : C:\WINDOWS\Temp\MCE0006f\MCE0006f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0006f\MCE0006f
Found mount point : C:\WINDOWS\Temp\MCE00070\MCE00070
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00070\MCE00070
Found mount point : C:\WINDOWS\Temp\MCE00071\MCE00071
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00071\MCE00071
Found mount point : C:\WINDOWS\Temp\MCE00072\MCE00072
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00072\MCE00072
Found mount point : C:\WINDOWS\Temp\MCE00073\MCE00073
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00073\MCE00073
Found mount point : C:\WINDOWS\Temp\MCE00074\MCE00074
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00074\MCE00074
Found mount point : C:\WINDOWS\Temp\MCE00075\MCE00075
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00075\MCE00075
Found mount point : C:\WINDOWS\Temp\MCE00076\MCE00076
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00076\MCE00076
Found mount point : C:\WINDOWS\Temp\MCE00077\MCE00077
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00077\MCE00077
Found mount point : C:\WINDOWS\Temp\MCE00078\MCE00078
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00078\MCE00078
Found mount point : C:\WINDOWS\Temp\MCE00079\MCE00079
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00079\MCE00079
Found mount point : C:\WINDOWS\Temp\MCE0007a\MCE0007a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0007a\MCE0007a
Found mount point : C:\WINDOWS\Temp\MCE0007b\MCE0007b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0007b\MCE0007b
Found mount point : C:\WINDOWS\Temp\MCE0007c\MCE0007c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0007c\MCE0007c
Found mount point : C:\WINDOWS\Temp\MCE0007d\MCE0007d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0007d\MCE0007d
Found mount point : C:\WINDOWS\Temp\MCE0007e\MCE0007e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0007e\MCE0007e
Found mount point : C:\WINDOWS\Temp\MCE0007f\MCE0007f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0007f\MCE0007f
Found mount point : C:\WINDOWS\Temp\MCE00080\MCE00080
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00080\MCE00080
Found mount point : C:\WINDOWS\Temp\MCE00081\MCE00081
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00081\MCE00081
Found mount point : C:\WINDOWS\Temp\MCE00082\MCE00082
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00082\MCE00082
Found mount point : C:\WINDOWS\Temp\MCE00083\MCE00083
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00083\MCE00083
Found mount point : C:\WINDOWS\Temp\MCE00084\MCE00084
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00084\MCE00084
Found mount point : C:\WINDOWS\Temp\MCE00085\MCE00085
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00085\MCE00085
Found mount point : C:\WINDOWS\Temp\MCE00086\MCE00086
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00086\MCE00086
Found mount point : C:\WINDOWS\Temp\MCE00087\MCE00087
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00087\MCE00087
Found mount point : C:\WINDOWS\Temp\MCE00088\MCE00088
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00088\MCE00088
Found mount point : C:\WINDOWS\Temp\MCE00089\MCE00089
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00089\MCE00089
Found mount point : C:\WINDOWS\Temp\MCE0008a\MCE0008a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0008a\MCE0008a
Found mount point : C:\WINDOWS\Temp\MCE0008b\MCE0008b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0008b\MCE0008b
Found mount point : C:\WINDOWS\Temp\MCE0008c\MCE0008c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0008c\MCE0008c
Found mount point : C:\WINDOWS\Temp\MCE0008d\MCE0008d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0008d\MCE0008d
Found mount point : C:\WINDOWS\Temp\MCE0008e\MCE0008e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0008e\MCE0008e
Found mount point : C:\WINDOWS\Temp\MCE0008f\MCE0008f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0008f\MCE0008f
Found mount point : C:\WINDOWS\Temp\MCE00090\MCE00090
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00090\MCE00090
Found mount point : C:\WINDOWS\Temp\MCE00091\MCE00091
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00091\MCE00091
Found mount point : C:\WINDOWS\Temp\MCE00092\MCE00092
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00092\MCE00092
Found mount point : C:\WINDOWS\Temp\MCE00093\MCE00093
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00093\MCE00093
Found mount point : C:\WINDOWS\Temp\MCE00094\MCE00094
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00094\MCE00094
Found mount point : C:\WINDOWS\Temp\MCE00095\MCE00095
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00095\MCE00095
Found mount point : C:\WINDOWS\Temp\MCE00096\MCE00096
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00096\MCE00096
Found mount point : C:\WINDOWS\Temp\MCE00097\MCE00097
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00097\MCE00097
Found mount point : C:\WINDOWS\Temp\MCE00098\MCE00098
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00098\MCE00098
Found mount point : C:\WINDOWS\Temp\MCE00099\MCE00099
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00099\MCE00099
Found mount point : C:\WINDOWS\Temp\MCE0009a\MCE0009a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0009a\MCE0009a
Found mount point : C:\WINDOWS\Temp\MCE0009b\MCE0009b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0009b\MCE0009b
Found mount point : C:\WINDOWS\Temp\MCE0009c\MCE0009c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0009c\MCE0009c
Found mount point : C:\WINDOWS\Temp\MCE0009d\MCE0009d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0009d\MCE0009d
Found mount point : C:\WINDOWS\Temp\MCE0009e\MCE0009e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0009e\MCE0009e
Found mount point : C:\WINDOWS\Temp\MCE0009f\MCE0009f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0009f\MCE0009f
Found mount point : C:\WINDOWS\Temp\MCE000a0\MCE000a0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000a0\MCE000a0
Found mount point : C:\WINDOWS\Temp\MCE000a1\MCE000a1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000a1\MCE000a1
Found mount point : C:\WINDOWS\Temp\MCE000a2\MCE000a2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000a2\MCE000a2
Found mount point : C:\WINDOWS\Temp\MCE000a3\MCE000a3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000a3\MCE000a3
Found mount point : C:\WINDOWS\Temp\MCE000a4\MCE000a4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000a4\MCE000a4
Found mount point : C:\WINDOWS\Temp\MCE000a5\MCE000a5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000a5\MCE000a5
Found mount point : C:\WINDOWS\Temp\MCE000a6\MCE000a6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000a6\MCE000a6
Found mount point : C:\WINDOWS\Temp\MCE000a7\MCE000a7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000a7\MCE000a7
Found mount point : C:\WINDOWS\Temp\MCE000a8\MCE000a8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000a8\MCE000a8
Found mount point : C:\WINDOWS\Temp\MCE000a9\MCE000a9
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000a9\MCE000a9
Found mount point : C:\WINDOWS\Temp\MCE000aa\MCE000aa
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000aa\MCE000aa
Found mount point : C:\WINDOWS\Temp\MCE000ab\MCE000ab
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ab\MCE000ab
Found mount point : C:\WINDOWS\Temp\MCE000ac\MCE000ac
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ac\MCE000ac
Found mount point : C:\WINDOWS\Temp\MCE000ad\MCE000ad
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ad\MCE000ad
Found mount point : C:\WINDOWS\Temp\MCE000ae\MCE000ae
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ae\MCE000ae
Found mount point : C:\WINDOWS\Temp\MCE000af\MCE000af
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000af\MCE000af
Found mount point : C:\WINDOWS\Temp\MCE000b0\MCE000b0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000b0\MCE000b0
Found mount point : C:\WINDOWS\Temp\MCE000b1\MCE000b1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000b1\MCE000b1
Found mount point : C:\WINDOWS\Temp\MCE000b2\MCE000b2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000b2\MCE000b2
Found mount point : C:\WINDOWS\Temp\MCE000b3\MCE000b3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000b3\MCE000b3
Found mount point : C:\WINDOWS\Temp\MCE000b4\MCE000b4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000b4\MCE000b4
Found mount point : C:\WINDOWS\Temp\MCE000b5\MCE000b5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000b5\MCE000b5
Found mount point : C:\WINDOWS\Temp\MCE000b6\MCE000b6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000b6\MCE000b6
Found mount point : C:\WINDOWS\Temp\MCE000b7\MCE000b7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000b7\MCE000b7
Found mount point : C:\WINDOWS\Temp\MCE000b8\MCE000b8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000b8\MCE000b8
Found mount point : C:\WINDOWS\Temp\MCE000b9\MCE000b9
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000b9\MCE000b9
Found mount point : C:\WINDOWS\Temp\MCE000ba\MCE000ba
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ba\MCE000ba
Found mount point : C:\WINDOWS\Temp\MCE000bb\MCE000bb
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000bb\MCE000bb
Found mount point : C:\WINDOWS\Temp\MCE000bc\MCE000bc
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000bc\MCE000bc
Found mount point : C:\WINDOWS\Temp\MCE000bd\MCE000bd
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000bd\MCE000bd
Found mount point : C:\WINDOWS\Temp\MCE000be\MCE000be
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000be\MCE000be
Found mount point : C:\WINDOWS\Temp\MCE000bf\MCE000bf
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000bf\MCE000bf
Found mount point : C:\WINDOWS\Temp\MCE000c0\MCE000c0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000c0\MCE000c0
Found mount point : C:\WINDOWS\Temp\MCE000c1\MCE000c1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000c1\MCE000c1
Found mount point : C:\WINDOWS\Temp\MCE000c2\MCE000c2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000c2\MCE000c2
Found mount point : C:\WINDOWS\Temp\MCE000c3\MCE000c3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000c3\MCE000c3
Found mount point : C:\WINDOWS\Temp\MCE000c4\MCE000c4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000c4\MCE000c4
Found mount point : C:\WINDOWS\Temp\MCE000c5\MCE000c5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000c5\MCE000c5
Found mount point : C:\WINDOWS\Temp\MCE000c6\MCE000c6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000c6\MCE000c6
Found mount point : C:\WINDOWS\Temp\MCE000c7\MCE000c7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000c7\MCE000c7
Found mount point : C:\WINDOWS\Temp\MCE000c8\MCE000c8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000c8\MCE000c8
Found mount point : C:\WINDOWS\Temp\MCE000c9\MCE000c9
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000c9\MCE000c9
Found mount point : C:\WINDOWS\Temp\MCE000ca\MCE000ca
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ca\MCE000ca
Found mount point : C:\WINDOWS\Temp\MCE000cb\MCE000cb
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000cb\MCE000cb
Found mount point : C:\WINDOWS\Temp\MCE000cc\MCE000cc
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000cc\MCE000cc
Found mount point : C:\WINDOWS\Temp\MCE000cd\MCE000cd
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000cd\MCE000cd
Found mount point : C:\WINDOWS\Temp\MCE000ce\MCE000ce
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ce\MCE000ce
Found mount point : C:\WINDOWS\Temp\MCE000cf\MCE000cf
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000cf\MCE000cf
Found mount point : C:\WINDOWS\Temp\MCE000d0\MCE000d0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000d0\MCE000d0
Found mount point : C:\WINDOWS\Temp\MCE000d1\MCE000d1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000d1\MCE000d1
Found mount point : C:\WINDOWS\Temp\MCE000d2\MCE000d2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000d2\MCE000d2
Found mount point : C:\WINDOWS\Temp\MCE000d3\MCE000d3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000d3\MCE000d3
Found mount point : C:\WINDOWS\Temp\MCE000d4\MCE000d4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000d4\MCE000d4
Found mount point : C:\WINDOWS\Temp\MCE000d5\MCE000d5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000d5\MCE000d5
Found mount point : C:\WINDOWS\Temp\MCE000d6\MCE000d6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000d6\MCE000d6
Found mount point : C:\WINDOWS\Temp\MCE000d7\MCE000d7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000d7\MCE000d7
Found mount point : C:\WINDOWS\Temp\MCE000d8\MCE000d8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000d8\MCE000d8
Found mount point : C:\WINDOWS\Temp\MCE000d9\MCE000d9
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000d9\MCE000d9
Found mount point : C:\WINDOWS\Temp\MCE000da\MCE000da
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000da\MCE000da
Found mount point : C:\WINDOWS\Temp\MCE000db\MCE000db
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000db\MCE000db
Found mount point : C:\WINDOWS\Temp\MCE000dc\MCE000dc
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000dc\MCE000dc
Found mount point : C:\WINDOWS\Temp\MCE000dd\MCE000dd
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000dd\MCE000dd
Found mount point : C:\WINDOWS\Temp\MCE000de\MCE000de
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000de\MCE000de
Found mount point : C:\WINDOWS\Temp\MCE000df\MCE000df
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000df\MCE000df
Found mount point : C:\WINDOWS\Temp\MCE000e0\MCE000e0
Mount point destination : \Device\__max++>\^
scotsking
2009-11-22, 03:31
Removing mount point : C:\WINDOWS\Temp\MCE000e0\MCE000e0
Found mount point : C:\WINDOWS\Temp\MCE000e1\MCE000e1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000e1\MCE000e1
Found mount point : C:\WINDOWS\Temp\MCE000e2\MCE000e2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000e2\MCE000e2
Found mount point : C:\WINDOWS\Temp\MCE000e3\MCE000e3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000e3\MCE000e3
Found mount point : C:\WINDOWS\Temp\MCE000e4\MCE000e4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000e4\MCE000e4
Found mount point : C:\WINDOWS\Temp\MCE000e5\MCE000e5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000e5\MCE000e5
Found mount point : C:\WINDOWS\Temp\MCE000e6\MCE000e6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000e6\MCE000e6
Found mount point : C:\WINDOWS\Temp\MCE000e7\MCE000e7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000e7\MCE000e7
Found mount point : C:\WINDOWS\Temp\MCE000e8\MCE000e8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000e8\MCE000e8
Found mount point : C:\WINDOWS\Temp\MCE000e9\MCE000e9
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000e9\MCE000e9
Found mount point : C:\WINDOWS\Temp\MCE000ea\MCE000ea
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ea\MCE000ea
Found mount point : C:\WINDOWS\Temp\MCE000eb\MCE000eb
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000eb\MCE000eb
Found mount point : C:\WINDOWS\Temp\MCE000ec\MCE000ec
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ec\MCE000ec
Found mount point : C:\WINDOWS\Temp\MCE000ed\MCE000ed
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ed\MCE000ed
Found mount point : C:\WINDOWS\Temp\MCE000ee\MCE000ee
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ee\MCE000ee
Found mount point : C:\WINDOWS\Temp\MCE000ef\MCE000ef
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ef\MCE000ef
Found mount point : C:\WINDOWS\Temp\MCE000f0\MCE000f0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000f0\MCE000f0
Found mount point : C:\WINDOWS\Temp\MCE000f1\MCE000f1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000f1\MCE000f1
Found mount point : C:\WINDOWS\Temp\MCE000f2\MCE000f2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000f2\MCE000f2
Found mount point : C:\WINDOWS\Temp\MCE000f3\MCE000f3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000f3\MCE000f3
Found mount point : C:\WINDOWS\Temp\MCE000f4\MCE000f4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000f4\MCE000f4
Found mount point : C:\WINDOWS\Temp\MCE000f5\MCE000f5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000f5\MCE000f5
Found mount point : C:\WINDOWS\Temp\MCE000f6\MCE000f6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000f6\MCE000f6
Found mount point : C:\WINDOWS\Temp\MCE000f7\MCE000f7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000f7\MCE000f7
Found mount point : C:\WINDOWS\Temp\MCE000f8\MCE000f8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000f8\MCE000f8
Found mount point : C:\WINDOWS\Temp\MCE000f9\MCE000f9
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000f9\MCE000f9
Found mount point : C:\WINDOWS\Temp\MCE000fa\MCE000fa
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000fa\MCE000fa
Found mount point : C:\WINDOWS\Temp\MCE000fb\MCE000fb
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000fb\MCE000fb
Found mount point : C:\WINDOWS\Temp\MCE000fc\MCE000fc
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000fc\MCE000fc
Found mount point : C:\WINDOWS\Temp\MCE000fd\MCE000fd
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000fd\MCE000fd
Found mount point : C:\WINDOWS\Temp\MCE000fe\MCE000fe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000fe\MCE000fe
Found mount point : C:\WINDOWS\Temp\MCE000ff\MCE000ff
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE000ff\MCE000ff
Found mount point : C:\WINDOWS\Temp\MCE00100\MCE00100
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00100\MCE00100
Found mount point : C:\WINDOWS\Temp\MCE00101\MCE00101
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00101\MCE00101
Found mount point : C:\WINDOWS\Temp\MCE00102\MCE00102
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00102\MCE00102
Found mount point : C:\WINDOWS\Temp\MCE00103\MCE00103
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00103\MCE00103
Found mount point : C:\WINDOWS\Temp\MCE00104\MCE00104
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00104\MCE00104
Found mount point : C:\WINDOWS\Temp\MCE00105\MCE00105
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00105\MCE00105
Found mount point : C:\WINDOWS\Temp\MCE00106\MCE00106
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00106\MCE00106
Found mount point : C:\WINDOWS\Temp\MCE00107\MCE00107
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00107\MCE00107
Found mount point : C:\WINDOWS\Temp\MCE00108\MCE00108
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00108\MCE00108
Found mount point : C:\WINDOWS\Temp\MCE00109\MCE00109
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00109\MCE00109
Found mount point : C:\WINDOWS\Temp\MCE0010a\MCE0010a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0010a\MCE0010a
Found mount point : C:\WINDOWS\Temp\MCE0010b\MCE0010b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0010b\MCE0010b
Found mount point : C:\WINDOWS\Temp\MCE0010c\MCE0010c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0010c\MCE0010c
Found mount point : C:\WINDOWS\Temp\MCE0010d\MCE0010d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0010d\MCE0010d
Found mount point : C:\WINDOWS\Temp\MCE0010e\MCE0010e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0010e\MCE0010e
Found mount point : C:\WINDOWS\Temp\MCE0010f\MCE0010f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0010f\MCE0010f
Found mount point : C:\WINDOWS\Temp\MCE00110\MCE00110
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00110\MCE00110
Found mount point : C:\WINDOWS\Temp\MCE00111\MCE00111
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00111\MCE00111
Found mount point : C:\WINDOWS\Temp\MCE00112\MCE00112
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00112\MCE00112
Found mount point : C:\WINDOWS\Temp\MCE00113\MCE00113
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00113\MCE00113
Found mount point : C:\WINDOWS\Temp\MCE00114\MCE00114
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00114\MCE00114
Found mount point : C:\WINDOWS\Temp\MCE00115\MCE00115
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00115\MCE00115
Found mount point : C:\WINDOWS\Temp\MCE00116\MCE00116
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00116\MCE00116
Found mount point : C:\WINDOWS\Temp\MCE00117\MCE00117
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00117\MCE00117
Found mount point : C:\WINDOWS\Temp\MCE00118\MCE00118
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00118\MCE00118
Found mount point : C:\WINDOWS\Temp\MCE00119\MCE00119
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00119\MCE00119
Found mount point : C:\WINDOWS\Temp\MCE0011a\MCE0011a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0011a\MCE0011a
Found mount point : C:\WINDOWS\Temp\MCE0011b\MCE0011b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0011b\MCE0011b
Found mount point : C:\WINDOWS\Temp\MCE0011c\MCE0011c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0011c\MCE0011c
Found mount point : C:\WINDOWS\Temp\MCE0011d\MCE0011d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0011d\MCE0011d
Found mount point : C:\WINDOWS\Temp\MCE0011e\MCE0011e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0011e\MCE0011e
Found mount point : C:\WINDOWS\Temp\MCE0011f\MCE0011f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0011f\MCE0011f
Found mount point : C:\WINDOWS\Temp\MCE00120\MCE00120
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00120\MCE00120
Found mount point : C:\WINDOWS\Temp\MCE00121\MCE00121
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00121\MCE00121
Found mount point : C:\WINDOWS\Temp\MCE00122\MCE00122
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00122\MCE00122
Found mount point : C:\WINDOWS\Temp\MCE00123\MCE00123
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00123\MCE00123
Found mount point : C:\WINDOWS\Temp\MCE00124\MCE00124
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00124\MCE00124
Found mount point : C:\WINDOWS\Temp\MCE00125\MCE00125
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00125\MCE00125
Found mount point : C:\WINDOWS\Temp\MCE00126\MCE00126
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00126\MCE00126
Found mount point : C:\WINDOWS\Temp\MCE00127\MCE00127
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00127\MCE00127
Found mount point : C:\WINDOWS\Temp\MCE00128\MCE00128
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00128\MCE00128
Found mount point : C:\WINDOWS\Temp\MCE00129\MCE00129
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00129\MCE00129
Found mount point : C:\WINDOWS\Temp\MCE0012a\MCE0012a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0012a\MCE0012a
Found mount point : C:\WINDOWS\Temp\MCE0012b\MCE0012b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0012b\MCE0012b
Found mount point : C:\WINDOWS\Temp\MCE0012c\MCE0012c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0012c\MCE0012c
Found mount point : C:\WINDOWS\Temp\MCE0012d\MCE0012d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0012d\MCE0012d
Found mount point : C:\WINDOWS\Temp\MCE0012e\MCE0012e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0012e\MCE0012e
Found mount point : C:\WINDOWS\Temp\MCE0012f\MCE0012f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0012f\MCE0012f
Found mount point : C:\WINDOWS\Temp\MCE00130\MCE00130
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00130\MCE00130
Found mount point : C:\WINDOWS\Temp\MCE00131\MCE00131
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00131\MCE00131
Found mount point : C:\WINDOWS\Temp\MCE00132\MCE00132
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00132\MCE00132
Found mount point : C:\WINDOWS\Temp\MCE00133\MCE00133
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00133\MCE00133
Found mount point : C:\WINDOWS\Temp\MCE00134\MCE00134
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00134\MCE00134
Found mount point : C:\WINDOWS\Temp\MCE00135\MCE00135
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00135\MCE00135
Found mount point : C:\WINDOWS\Temp\MCE00136\MCE00136
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00136\MCE00136
Found mount point : C:\WINDOWS\Temp\MCE00137\MCE00137
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00137\MCE00137
Found mount point : C:\WINDOWS\Temp\MCE00138\MCE00138
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00138\MCE00138
Found mount point : C:\WINDOWS\Temp\MCE00139\MCE00139
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00139\MCE00139
Found mount point : C:\WINDOWS\Temp\MCE0013a\MCE0013a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0013a\MCE0013a
Found mount point : C:\WINDOWS\Temp\MCE0013b\MCE0013b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0013b\MCE0013b
Found mount point : C:\WINDOWS\Temp\MCE0013c\MCE0013c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0013c\MCE0013c
Found mount point : C:\WINDOWS\Temp\MCE0013d\MCE0013d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0013d\MCE0013d
Found mount point : C:\WINDOWS\Temp\MCE0013e\MCE0013e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0013e\MCE0013e
Found mount point : C:\WINDOWS\Temp\MCE0013f\MCE0013f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0013f\MCE0013f
Found mount point : C:\WINDOWS\Temp\MCE00140\MCE00140
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00140\MCE00140
Found mount point : C:\WINDOWS\Temp\MCE00141\MCE00141
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00141\MCE00141
Found mount point : C:\WINDOWS\Temp\MCE00142\MCE00142
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00142\MCE00142
Found mount point : C:\WINDOWS\Temp\MCE00143\MCE00143
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00143\MCE00143
Found mount point : C:\WINDOWS\Temp\MCE00144\MCE00144
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00144\MCE00144
Found mount point : C:\WINDOWS\Temp\MCE00145\MCE00145
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00145\MCE00145
Found mount point : C:\WINDOWS\Temp\MCE00146\MCE00146
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00146\MCE00146
Found mount point : C:\WINDOWS\Temp\MCE00147\MCE00147
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00147\MCE00147
Found mount point : C:\WINDOWS\Temp\MCE00148\MCE00148
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00148\MCE00148
Found mount point : C:\WINDOWS\Temp\MCE00149\MCE00149
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00149\MCE00149
Found mount point : C:\WINDOWS\Temp\MCE0014a\MCE0014a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0014a\MCE0014a
Found mount point : C:\WINDOWS\Temp\MCE0014b\MCE0014b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0014b\MCE0014b
Found mount point : C:\WINDOWS\Temp\MCE0014c\MCE0014c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0014c\MCE0014c
Found mount point : C:\WINDOWS\Temp\MCE0014d\MCE0014d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0014d\MCE0014d
Found mount point : C:\WINDOWS\Temp\MCE0014e\MCE0014e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0014e\MCE0014e
Found mount point : C:\WINDOWS\Temp\MCE0014f\MCE0014f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0014f\MCE0014f
Found mount point : C:\WINDOWS\Temp\MCE00150\MCE00150
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00150\MCE00150
Found mount point : C:\WINDOWS\Temp\MCE00151\MCE00151
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00151\MCE00151
Found mount point : C:\WINDOWS\Temp\MCE00152\MCE00152
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00152\MCE00152
Found mount point : C:\WINDOWS\Temp\MCE00153\MCE00153
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00153\MCE00153
Found mount point : C:\WINDOWS\Temp\MCE00154\MCE00154
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00154\MCE00154
Found mount point : C:\WINDOWS\Temp\MCE00155\MCE00155
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00155\MCE00155
Found mount point : C:\WINDOWS\Temp\MCE00156\MCE00156
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00156\MCE00156
Found mount point : C:\WINDOWS\Temp\MCE00157\MCE00157
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00157\MCE00157
Found mount point : C:\WINDOWS\Temp\MCE00158\MCE00158
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00158\MCE00158
Found mount point : C:\WINDOWS\Temp\MCE00159\MCE00159
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00159\MCE00159
Found mount point : C:\WINDOWS\Temp\MCE0015a\MCE0015a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0015a\MCE0015a
Found mount point : C:\WINDOWS\Temp\MCE0015b\MCE0015b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0015b\MCE0015b
Found mount point : C:\WINDOWS\Temp\MCE0015c\MCE0015c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0015c\MCE0015c
Found mount point : C:\WINDOWS\Temp\MCE0015d\MCE0015d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0015d\MCE0015d
Found mount point : C:\WINDOWS\Temp\MCE0015e\MCE0015e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0015e\MCE0015e
Found mount point : C:\WINDOWS\Temp\MCE0015f\MCE0015f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0015f\MCE0015f
Found mount point : C:\WINDOWS\Temp\MCE00160\MCE00160
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00160\MCE00160
Found mount point : C:\WINDOWS\Temp\MCE00161\MCE00161
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00161\MCE00161
Found mount point : C:\WINDOWS\Temp\MCE00162\MCE00162
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00162\MCE00162
Found mount point : C:\WINDOWS\Temp\MCE00163\MCE00163
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00163\MCE00163
Found mount point : C:\WINDOWS\Temp\MCE00164\MCE00164
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00164\MCE00164
Found mount point : C:\WINDOWS\Temp\MCE00165\MCE00165
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00165\MCE00165
Found mount point : C:\WINDOWS\Temp\MCE00166\MCE00166
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00166\MCE00166
Found mount point : C:\WINDOWS\Temp\MCE00167\MCE00167
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00167\MCE00167
Found mount point : C:\WINDOWS\Temp\MCE00168\MCE00168
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00168\MCE00168
Found mount point : C:\WINDOWS\Temp\MCE00169\MCE00169
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00169\MCE00169
Found mount point : C:\WINDOWS\Temp\MCE0016a\MCE0016a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0016a\MCE0016a
Found mount point : C:\WINDOWS\Temp\MCE0016b\MCE0016b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0016b\MCE0016b
Found mount point : C:\WINDOWS\Temp\MCE0016c\MCE0016c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0016c\MCE0016c
Found mount point : C:\WINDOWS\Temp\MCE0016d\MCE0016d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0016d\MCE0016d
Found mount point : C:\WINDOWS\Temp\MCE0016e\MCE0016e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0016e\MCE0016e
Found mount point : C:\WINDOWS\Temp\MCE0016f\MCE0016f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0016f\MCE0016f
Found mount point : C:\WINDOWS\Temp\MCE00170\MCE00170
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00170\MCE00170
Found mount point : C:\WINDOWS\Temp\MCE00171\MCE00171
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00171\MCE00171
Found mount point : C:\WINDOWS\Temp\MCE00172\MCE00172
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00172\MCE00172
Found mount point : C:\WINDOWS\Temp\MCE00173\MCE00173
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00173\MCE00173
Found mount point : C:\WINDOWS\Temp\MCE00174\MCE00174
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00174\MCE00174
Found mount point : C:\WINDOWS\Temp\MCE00175\MCE00175
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00175\MCE00175
Found mount point : C:\WINDOWS\Temp\MCE00176\MCE00176
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00176\MCE00176
Found mount point : C:\WINDOWS\Temp\MCE00177\MCE00177
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00177\MCE00177
Found mount point : C:\WINDOWS\Temp\MCE00178\MCE00178
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00178\MCE00178
Found mount point : C:\WINDOWS\Temp\MCE00179\MCE00179
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00179\MCE00179
Found mount point : C:\WINDOWS\Temp\MCE0017a\MCE0017a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0017a\MCE0017a
Found mount point : C:\WINDOWS\Temp\MCE0017b\MCE0017b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0017b\MCE0017b
Found mount point : C:\WINDOWS\Temp\MCE0017c\MCE0017c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0017c\MCE0017c
Found mount point : C:\WINDOWS\Temp\MCE0017d\MCE0017d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0017d\MCE0017d
Found mount point : C:\WINDOWS\Temp\MCE0017e\MCE0017e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0017e\MCE0017e
Found mount point : C:\WINDOWS\Temp\MCE0017f\MCE0017f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0017f\MCE0017f
Found mount point : C:\WINDOWS\Temp\MCE00180\MCE00180
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00180\MCE00180
Found mount point : C:\WINDOWS\Temp\MCE00181\MCE00181
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00181\MCE00181
Found mount point : C:\WINDOWS\Temp\MCE00182\MCE00182
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00182\MCE00182
Found mount point : C:\WINDOWS\Temp\MCE00183\MCE00183
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00183\MCE00183
Found mount point : C:\WINDOWS\Temp\MCE00184\MCE00184
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00184\MCE00184
Found mount point : C:\WINDOWS\Temp\MCE00185\MCE00185
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00185\MCE00185
Found mount point : C:\WINDOWS\Temp\MCE00186\MCE00186
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00186\MCE00186
Found mount point : C:\WINDOWS\Temp\MCE00187\MCE00187
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00187\MCE00187
Found mount point : C:\WINDOWS\Temp\MCE00188\MCE00188
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00188\MCE00188
Found mount point : C:\WINDOWS\Temp\MCE00189\MCE00189
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00189\MCE00189
Found mount point : C:\WINDOWS\Temp\MCE0018a\MCE0018a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0018a\MCE0018a
Found mount point : C:\WINDOWS\Temp\MCE0018b\MCE0018b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0018b\MCE0018b
Found mount point : C:\WINDOWS\Temp\MCE0018c\MCE0018c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0018c\MCE0018c
Found mount point : C:\WINDOWS\Temp\MCE0018d\MCE0018d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0018d\MCE0018d
Found mount point : C:\WINDOWS\Temp\MCE0018e\MCE0018e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0018e\MCE0018e
Found mount point : C:\WINDOWS\Temp\MCE0018f\MCE0018f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0018f\MCE0018f
Found mount point : C:\WINDOWS\Temp\MCE00190\MCE00190
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00190\MCE00190
Found mount point : C:\WINDOWS\Temp\MCE00191\MCE00191
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00191\MCE00191
Found mount point : C:\WINDOWS\Temp\MCE00192\MCE00192
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00192\MCE00192
Found mount point : C:\WINDOWS\Temp\MCE00193\MCE00193
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00193\MCE00193
Found mount point : C:\WINDOWS\Temp\MCE00194\MCE00194
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00194\MCE00194
Found mount point : C:\WINDOWS\Temp\MCE00195\MCE00195
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00195\MCE00195
Found mount point : C:\WINDOWS\Temp\MCE00196\MCE00196
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00196\MCE00196
Found mount point : C:\WINDOWS\Temp\MCE00197\MCE00197
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00197\MCE00197
Found mount point : C:\WINDOWS\Temp\MCE00198\MCE00198
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00198\MCE00198
Found mount point : C:\WINDOWS\Temp\MCE00199\MCE00199
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE00199\MCE00199
Found mount point : C:\WINDOWS\Temp\MCE0019a\MCE0019a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0019a\MCE0019a
Found mount point : C:\WINDOWS\Temp\MCE0019b\MCE0019b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0019b\MCE0019b
Found mount point : C:\WINDOWS\Temp\MCE0019c\MCE0019c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0019c\MCE0019c
Found mount point : C:\WINDOWS\Temp\MCE0019d\MCE0019d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0019d\MCE0019d
Found mount point : C:\WINDOWS\Temp\MCE0019e\MCE0019e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0019e\MCE0019e
Found mount point : C:\WINDOWS\Temp\MCE0019f\MCE0019f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE0019f\MCE0019f
Found mount point : C:\WINDOWS\Temp\MCE001a0\MCE001a0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001a0\MCE001a0
Found mount point : C:\WINDOWS\Temp\MCE001a1\MCE001a1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001a1\MCE001a1
Found mount point : C:\WINDOWS\Temp\MCE001a2\MCE001a2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001a2\MCE001a2
Found mount point : C:\WINDOWS\Temp\MCE001a3\MCE001a3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001a3\MCE001a3
Found mount point : C:\WINDOWS\Temp\MCE001a4\MCE001a4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001a4\MCE001a4
Found mount point : C:\WINDOWS\Temp\MCE001a5\MCE001a5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001a5\MCE001a5
Found mount point : C:\WINDOWS\Temp\MCE001a6\MCE001a6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001a6\MCE001a6
Found mount point : C:\WINDOWS\Temp\MCE001a7\MCE001a7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001a7\MCE001a7
Found mount point : C:\WINDOWS\Temp\MCE001a8\MCE001a8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001a8\MCE001a8
Found mount point : C:\WINDOWS\Temp\MCE001a9\MCE001a9
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001a9\MCE001a9
Found mount point : C:\WINDOWS\Temp\MCE001aa\MCE001aa
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001aa\MCE001aa
Found mount point : C:\WINDOWS\Temp\MCE001ab\MCE001ab
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001ab\MCE001ab
Found mount point : C:\WINDOWS\Temp\MCE001ac\MCE001ac
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001ac\MCE001ac
Found mount point : C:\WINDOWS\Temp\MCE001ad\MCE001ad
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001ad\MCE001ad
Found mount point : C:\WINDOWS\Temp\MCE001ae\MCE001ae
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001ae\MCE001ae
Found mount point : C:\WINDOWS\Temp\MCE001af\MCE001af
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001af\MCE001af
Found mount point : C:\WINDOWS\Temp\MCE001b0\MCE001b0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001b0\MCE001b0
Found mount point : C:\WINDOWS\Temp\MCE001b1\MCE001b1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001b1\MCE001b1
Found mount point : C:\WINDOWS\Temp\MCE001b2\MCE001b2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001b2\MCE001b2
Found mount point : C:\WINDOWS\Temp\MCE001b3\MCE001b3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001b3\MCE001b3
Found mount point : C:\WINDOWS\Temp\MCE001b4\MCE001b4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001b4\MCE001b4
Found mount point : C:\WINDOWS\Temp\MCE001b5\MCE001b5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001b5\MCE001b5
Found mount point : C:\WINDOWS\Temp\MCE001b6\MCE001b6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001b6\MCE001b6
Found mount point : C:\WINDOWS\Temp\MCE001b7\MCE001b7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001b7\MCE001b7
Found mount point : C:\WINDOWS\Temp\MCE001b8\MCE001b8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001b8\MCE001b8
Found mount point : C:\WINDOWS\Temp\MCE001b9\MCE001b9
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001b9\MCE001b9
Found mount point : C:\WINDOWS\Temp\MCE001ba\MCE001ba
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001ba\MCE001ba
Found mount point : C:\WINDOWS\Temp\MCE001bb\MCE001bb
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001bb\MCE001bb
Found mount point : C:\WINDOWS\Temp\MCE001bc\MCE001bc
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001bc\MCE001bc
Found mount point : C:\WINDOWS\Temp\MCE001bd\MCE001bd
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001bd\MCE001bd
Found mount point : C:\WINDOWS\Temp\MCE001be\MCE001be
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001be\MCE001be
Found mount point : C:\WINDOWS\Temp\MCE001bf\MCE001bf
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001bf\MCE001bf
Found mount point : C:\WINDOWS\Temp\MCE001c0\MCE001c0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001c0\MCE001c0
Found mount point : C:\WINDOWS\Temp\MCE001c1\MCE001c1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001c1\MCE001c1
Found mount point : C:\WINDOWS\Temp\MCE001c2\MCE001c2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\MCE001c2\MCE001c2
Found mount point : C\WINDOWS\Temp\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86
Mount point destination : \Device\__max++>\^
Removing mount point : C\:WINDOWS\Temp\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86
Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\RtSigs\Data\Data
Found mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Finished!
Hi again,
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
scotsking
2009-11-22, 15:53
had a couple of issues with Combofix.
PC guard still running unable to stop as I can no longer run the program (same error as with IE at start). Also Combofix could not load the system restore.
On reboot system came up with a RUNDLL error (error loading CTMBHA.DLL invalid access to memory location.
scotsking
2009-11-22, 15:53
ComboFix 09-11-21.03 - Shirley King 22/11/2009 13:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.517 [GMT 0:00]
Running from: c:\documents and settings\Shirley King\Desktop\ComboFix.exe
AV: PCguard Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\SHIRLE~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Shirley King\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
c:\windows\kb913800.exe
c:\windows\system32\Data
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
.
2009-11-22 13:05 . 2009-11-22 13:15 -------- d-----w- c:\documents and settings\Shirley King\Application Data\Virgin Broadband
2009-11-21 13:07 . 2009-11-21 13:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-05 23:15 . 2008-11-26 15:19 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2009-11-05 23:15 . 2008-08-06 21:20 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2009-11-05 23:15 . 2008-08-28 13:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\program files\Raxco
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-11-05 23:12 . 2009-11-05 23:14 -------- d-----w- c:\program files\Virgin Broadband
2009-11-05 20:04 . 2009-11-22 13:40 3809824 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-05 19:46 . 2009-11-22 13:41 96544 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-05 19:14 . 2009-11-05 23:17 -------- d-----w- c:\documents and settings\Nick Parker\Application Data\Virgin Broadband
2009-11-05 19:14 . 2009-11-05 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-11-03 17:17 . 2009-11-03 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-03 17:16 . 2009-11-03 17:34 -------- d-----w- c:\program files\STOPzilla!
2009-11-03 17:16 . 2009-11-03 17:16 -------- d-----w- c:\program files\Common Files\iS3
2009-11-03 17:16 . 2009-11-03 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-11-03 15:31 . 2009-11-03 15:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-11-03 13:03 . 2009-11-21 18:03 0 ----a-w- c:\windows\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 13:38 . 2009-11-05 20:04 52952 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-22 13:38 . 2009-11-05 19:46 11048 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-05 23:13 . 2006-02-20 23:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-05 20:11 . 2006-02-20 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-05 20:11 . 2006-02-20 23:33 -------- d-----w- c:\program files\McAfee
2009-11-05 20:10 . 2006-02-20 23:32 -------- d-----w- c:\program files\McAfee.com
2009-11-04 19:47 . 2007-06-30 19:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 19:43 . 2007-06-30 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-03 17:18 . 2009-11-03 17:18 384 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-03 15:43 . 2008-08-03 09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 20:43 . 2008-10-05 13:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-03 16:36 . 2009-10-03 16:34 -------- d-----w- c:\program files\iTunes
2009-10-03 16:34 . 2009-10-03 16:34 -------- d-----w- c:\program files\iPod
2009-10-03 16:34 . 2009-06-20 18:19 -------- d-----w- c:\program files\Common Files\Apple
2009-10-03 16:27 . 2009-10-03 16:27 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-11 14:18 . 2005-08-16 04:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 . 2008-08-03 09:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 . 2008-08-03 09:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 16:11 . 2006-02-25 16:32 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-04 21:03 . 2005-08-16 04:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2005-08-16 04:18 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2005-08-16 04:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2005-08-16 04:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 18:42 . 2009-06-20 18:19 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-06-20 18:19 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2005-08-16 04:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2006-10-10 21:13 . 2006-10-10 21:13 100448 ----a-w- c:\program files\MC
2007-12-22 15:43 . 2006-02-25 16:53 56 --sh--r- c:\windows\system32\8731209D39.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2009-08-14 9102608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
"RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-11-07 172032]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"HostManager"="c:\program files\Common Files\AOL\1183232413\ee\AOLSoftware.exe" [2006-11-17 50736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2005-05-19 1345520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Nick Parker\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\Palm\register.exe [2006-2-26 2367488]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-2-20 156784]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2007-10-20 303104]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-3-2 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-3-2 106496]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Documents and Settings\\Shirley King\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire Demo\\base\\bin\\Settlers6Demo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [22/09/2008 16:58 693512]
R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\Virgin Broadband\PCguard\SafeConnect\bin\SanaAgent.exe [14/11/2008 18:28 4937752]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [14/11/2008 18:28 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [14/11/2008 18:28 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [14/11/2008 18:28 27376]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [22/09/2008 16:58 910600]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [27/05/2009 13:10 170736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
2009-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate Page into English
FF - ProfilePath - c:\documents and settings\Shirley King\Application Data\Mozilla\Firefox\Profiles\8rr57ers.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\Stopzilla!\Toolbar\Extension\components\SiteGuardFF.dll
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
BHO-{6BC5308C-CC79-4EEC-AB32-5AC866EDE457} - (no file)
BHO-{7C422B5F-0021-4C34-906D-4D1C32B863EA} - (no file)
BHO-{8F7BA1DE-ED6D-4510-AAA4-5656FF9B4F41} - (no file)
AddRemove-HijackThis - c:\documents and settings\Shirley King\Desktop\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 13:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2760)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Virgin Broadband\PCguard\Fws.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-11-22 13:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-22 13:48
ComboFix2.txt 2008-08-03 12:37
Pre-Run: 99,421,155,328 bytes free
Post-Run: 99,419,541,504 bytes free
- - End Of File - - 244C3C1950D50A91ADFCBB58A08385F3
scotsking
2009-11-22, 15:54
DDS (Ver_09-09-29.01) - NTFSx86
Run by Shirley King at 13:50:42.70 on 22/11/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.485 [GMT 0:00]
AV: PCguard Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
C:\Program Files\Common Files\AOL\1183232413\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shirley King\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files\stopzilla!\toolbar\SZIESearchHook.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\toolbar\SZSG.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\virgin broadband\pcguard\pkR.dll
BHO: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: RepliGoIEHelperCtl Class: {91de4477-9cdc-4806-9bcb-28a963988e94} - c:\program files\cerience\repligo\RepliGoIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &RepliGo: {81f4066b-f330-4872-8094-3e9fbccec8c1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\toolbar\SZSG.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [V Stuff Backup] "c:\program files\virginmedia\v stuff backup\v_stuff_backup.exe" /delayed
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
mRun: [RepliGo Assistant] "c:\program files\cerience\repligo\RepliGoMon.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [HostManager] c:\program files\common files\aol\1183232413\ee\AOLSoftware.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate Page into English
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216545191984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} - hxxp://www.bootsdigitalphotocentre.com/wpp/boots/app/opcuploader.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\shirle~1\applic~1\mozilla\firefox\profiles\8rr57ers.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\stopzilla!\toolbar\extension\components\SiteGuardFF.dll
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virgin broadband\advisor\nprpspa.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
============= SERVICES / DRIVERS ===============
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-11-5 179984]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\virgin broadband\pcguard\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\virgin broadband\pcguard\safeconnect\driver\platform_xp\SafeConnectShim.sys [2008-11-14 27376]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\virgin broadband\pcguard\RpsSecurityAwareR.exe [2009-5-27 170736]
=============== Created Last 30 ================
2009-11-22 13:17 260,608 a------- c:\windows\PEV.exe
2009-11-22 13:17 161,792 a------- c:\windows\SWREG.exe
2009-11-22 13:17 98,816 a------- c:\windows\sed.exe
2009-11-22 13:17 77,312 a------- c:\windows\MBR.exe
2009-11-22 13:05 <DIR> --d----- c:\docume~1\shirle~1\applic~1\Virgin Broadband
2009-11-21 13:07 664 a------- c:\windows\system32\d3d9caps.dat
2009-11-15 17:36 20 a------- c:\windows\system32\SYSTEM
2009-11-05 23:15 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
2009-11-05 23:15 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
2009-11-05 23:15 71,184 a------- c:\windows\system32\drivers\DefragFS.sys
2009-11-05 23:15 <DIR> --d----- c:\program files\Raxco
2009-11-05 23:12 <DIR> --d----- c:\program files\Virgin Broadband
2009-11-05 20:04 3,824,160 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-11-05 20:04 52,952 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-11-05 19:46 98,336 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-11-05 19:46 11,048 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-11-05 19:29 40 a------- c:\windows\system32\????????????????????????????????????g
2009-11-05 19:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Virgin Broadband
2009-11-03 17:18 384 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-03 17:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-11-03 17:16 <DIR> --d----- c:\program files\STOPzilla!
2009-11-03 17:16 <DIR> --d----- c:\program files\common files\iS3
2009-11-03 17:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-11-03 13:03 0 a------- c:\windows\win32k.sys
==================== Find3M ====================
2009-09-11 14:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-06 16:11 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-09-04 21:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 21:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 10:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18 634,648 a------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 08:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2006-10-10 21:13 100,448 a------- c:\program files\MC
2007-12-22 15:43 56 ---shr-- c:\windows\system32\8731209D39.sys
2008-08-03 15:11 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080320080804\index.dat
============= FINISH: 13:51:17.23 ===============
Hi,
PC guard still running unable to stop as I can no longer run the program (same error as with IE at start).
Download this (http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe) file to your desktop.
1. Copy Inherit.exe to c:\program files\virgin broadband folder, goto that folder and then drag 'n' drop pcguard folder to Inherit file.
2. Copy Inherit.exe to C:\Program Files folder, goto that folder and drag 'n' drop Internet Explorer folder to Inherit file.
Are you able to access PCGuard and Internet Explorer now?
Also Combofix could not load the system restore.
Does your internet connection work ok? Were you shown any reason why recovery console installation failed?
scotsking
2009-11-22, 17:46
Hi there
Both internet explorer & PCguard are now working ok.
The recovery console came up with message about not being able to access/find?? files.
I can't fully remember the message and sorry but I did not write that one down.
have been accessing internet through mozilla today fine on the PC.
Things seem to be ok now (Excel & word open without errors and can drag & drop items to desktop)
Thanks
Good to hear that things are improving. However, we have still some stuff left to be done there :)
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
type c:\boot.ini >Log.txt 1>&2
START Log.txt
DEL %0
Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
scotsking
2009-11-22, 20:09
Hi there
ComboFix 08-08-02.01 - Shirley King 2008-08-03 13:32:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.560 [GMT 1:00]
Running from: C:\Documents and Settings\Shirley King\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix.txt
C:\WINDOWS\system32\beekgsda.ini
C:\WINDOWS\system32\dfktdnmy.ini
C:\WINDOWS\system32\eromxmtm.ini
C:\WINDOWS\system32\fkvgsyuj.ini
C:\WINDOWS\system32\gvcadr.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\vorkwhyi.ini
C:\WINDOWS\system32\wnhogmbn.ini
C:\WINDOWS\system32\xuggbxpf.ini
C:\WINDOWS\system32\ycxmdtwi.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.
2008-08-03 10:18 . 2008-08-03 10:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 10:18 . 2008-08-03 10:18 <DIR> d-------- C:\Documents and Settings\Shirley King\Application Data\Malwarebytes
2008-08-03 10:18 . 2008-08-03 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-03 10:18 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-03 10:18 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-22 20:25 . 2008-07-22 20:25 43,581 ---hs---- C:\WINDOWS\system32\avhxiyex.ini
2008-07-22 20:23 . 2008-07-22 20:23 43,521 ---hs---- C:\WINDOWS\system32\culrjhyy.ini
2008-07-20 16:05 . 2008-07-20 16:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-20 13:48 . 2008-07-20 18:21 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-07-20 13:24 . 2008-07-20 13:24 <DIR> d-------- C:\VundoFix Backups
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 19:25 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-28 17:44 --------- d-----w C:\Program Files\Java
2008-07-16 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-16 19:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-06 16:36 --------- d-----w C:\Program Files\McAfee
2008-06-22 11:37 --------- d-----w C:\Documents and Settings\Nick Parker\Application Data\SiteAdvisor
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-26 11:43 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-26 11:43 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2006-10-10 21:13 100,448 ----a-w C:\Program Files\MC
2006-08-28 15:09 284 ----a-w C:\Documents and Settings\Nick Parker\Application Data\ViewerApp.dat
2007-12-22 15:43 56 --sh--r C:\WINDOWS\system32\8731209D39.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 08:51 306688]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 20:31 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 18:40 24576 C:\WINDOWS\MIDIDEF.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 10:47 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 08:42 1159168]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 12:06 71216]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-21 00:31 98304]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 15:17 78960]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49 1121280]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 11:26 110592]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 01:08 106496]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 05:00 98304]
"RepliGo Assistant"="C:\Program Files\Cerience\RepliGo\RepliGoMon.exe" [2005-11-07 20:19 172032]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 05:37 36904]
"HostManager"="C:\Program Files\Common Files\AOL\1183232413\ee\AOLSoftware.exe" [2006-11-17 14:21 50736]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]
"MBMon"="CTMBHA.DLL" [2005-05-19 09:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]
C:\Documents and Settings\Nick Parker\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\Palm\register.exe [2006-02-26 20:39:31 2367488]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2006-02-21 00:31:21 156784]
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-03-05 12:03:01 24576]
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2007-10-20 23:23:47 303104]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 20:55:40 18432]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 15:27:34 471040]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-03-02 20:01:12 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-03-02 20:01:09 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Documents and Settings\\Shirley King\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire Demo\\base\\bin\\Settlers6Demo.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 20:55]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 06:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2007-06-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2007-06-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.ntlworld.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Google Search
O8 -: &Translate English Word
O8 -: Backward Links
O8 -: Cached Snapshot of Page
O8 -: Similar Pages
O8 -: Translate Page into English
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 13:36:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-03 13:37:28
ComboFix-quarantined-files.txt 2008-08-03 12:37:23
Pre-Run: 102,028,103,680 bytes free
Post-Run: 102,088,867,840 bytes free
176 --- E O F --- 2008-07-08 22:01:24
Hi,
Where did that over a year old ComboFix log came from? Please generate & run the batch file as shown in my previous post. Notepad should open up with totally different output :)
scotsking
2009-11-22, 20:25
Have run twice now & still getting the same text file.
Did have virtumonde and used combofix then. Also directed from this forum
Hi,
I still can't believe that result was generated after running my fixes.bat. Let's create another one.
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
dir /s/a c:\boot.ini >Log.txt
START Log.txt
DEL %0
Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
scotsking
2009-11-22, 21:23
OK
This is the new file
Volume in drive C has no label.
Volume Serial Number is 78F1-6AAC
Directory of c:\
25/02/2006 14:58 209 boot.ini
1 File(s) 209 bytes
Total Files Listed:
1 File(s) 209 bytes
0 Dir(s) 100,091,961,344 bytes free
Good. That went as planned. Let's see if we can now get the results I expected to see earlier :)
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
type c:\boot.ini >Log.txt
START Log.txt
DEL %0
Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
scotsking
2009-11-22, 22:42
hi again
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
hope this is what you expected
Yes, that's correct one :)
Now, please copy Inherit.exe file to c:\windows\system32 folder. Then goto that folder and drag'n'drop attrib.exe file there to Inherit file. After that, run ComboFix again and allow it to install recovery console. Post back the resultant log after ComboFix has finished.
scotsking
2009-11-23, 01:40
had to run combofix twice.
First time hung at preparing log file - left for 20mins nothing so forced a re-boot & ran again. 2nd time noticed AOL scan loading cancelled program and log file created.
scotsking
2009-11-23, 01:41
ComboFix 09-11-22.02 - Shirley King 22/11/2009 23:15.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.604 [GMT 0:00]
Running from: c:\documents and settings\Shirley King\Desktop\ComboFix.exe
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\SHIRLE~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Shirley King\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
.
---- Previous Run -------
.
c:\docume~1\SHIRLE~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Shirley King\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
.
((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
.
2009-11-22 23:14 . 2009-11-22 23:14 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2009-11-22 22:11 . 2009-11-22 15:34 85504 ----a-w- c:\windows\system32\Inherit.exe
2009-11-22 15:37 . 2009-11-22 15:34 85504 ----a-w- c:\program files\Inherit.exe
2009-11-22 13:05 . 2009-11-22 13:15 -------- d-----w- c:\documents and settings\Shirley King\Application Data\Virgin Broadband
2009-11-21 13:07 . 2009-11-21 13:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-05 23:15 . 2008-11-26 15:19 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2009-11-05 23:15 . 2008-08-06 21:20 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2009-11-05 23:15 . 2008-08-28 13:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\program files\Raxco
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-11-05 23:12 . 2009-11-22 15:38 -------- d-----w- c:\program files\Virgin Broadband
2009-11-05 20:04 . 2009-11-22 22:50 4592928 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-05 19:46 . 2009-11-22 22:50 120096 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-05 19:14 . 2009-11-05 23:17 -------- d-----w- c:\documents and settings\Nick Parker\Application Data\Virgin Broadband
2009-11-05 19:14 . 2009-11-05 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-11-03 17:17 . 2009-11-03 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-03 17:16 . 2009-11-03 17:16 -------- d-----w- c:\program files\Common Files\iS3
2009-11-03 17:16 . 2009-11-03 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-11-03 15:31 . 2009-11-03 15:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-11-03 13:03 . 2009-11-21 18:03 0 ----a-w- c:\windows\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 16:58 . 2009-11-05 20:04 60992 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-22 16:58 . 2009-11-05 19:46 12632 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-22 16:24 . 2008-11-22 22:01 -------- d-----w- c:\program files\World of Warcraft Trial
2009-11-22 16:22 . 2009-09-12 17:23 -------- d-----w- c:\program files\QuickTime
2009-11-22 16:22 . 2006-02-26 18:49 -------- d-----w- c:\program files\Palm
2009-11-22 16:22 . 2006-02-20 23:24 -------- d-----w- c:\program files\Modem Helper
2009-11-22 16:22 . 2006-02-20 23:24 -------- d-----w- c:\program files\Dell
2009-11-22 16:21 . 2006-02-20 23:31 -------- d-----w- c:\program files\Common Files\aolshare
2009-11-22 16:21 . 2006-02-20 23:30 -------- d-----w- c:\program files\Common Files\AOL
2009-11-22 16:21 . 2006-02-20 23:31 -------- d-----w- c:\program files\AOL 9.0
2009-11-05 23:13 . 2006-02-20 23:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-05 20:11 . 2006-02-20 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-05 20:11 . 2006-02-20 23:33 -------- d-----w- c:\program files\McAfee
2009-11-05 20:10 . 2006-02-20 23:32 -------- d-----w- c:\program files\McAfee.com
2009-11-04 19:47 . 2007-06-30 19:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 19:43 . 2007-06-30 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-03 17:18 . 2009-11-03 17:18 384 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-03 15:43 . 2008-08-03 09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 20:43 . 2008-10-05 13:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-03 16:36 . 2009-10-03 16:34 -------- d-----w- c:\program files\iTunes
2009-10-03 16:34 . 2009-10-03 16:34 -------- d-----w- c:\program files\iPod
2009-10-03 16:34 . 2009-06-20 18:19 -------- d-----w- c:\program files\Common Files\Apple
2009-10-03 16:27 . 2009-10-03 16:27 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-11 14:18 . 2005-08-16 04:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 . 2008-08-03 09:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 . 2008-08-03 09:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 16:11 . 2006-02-25 16:32 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-04 21:03 . 2005-08-16 04:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2005-08-16 04:18 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2005-08-16 04:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2005-08-16 04:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 18:42 . 2009-06-20 18:19 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-06-20 18:19 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2005-08-16 04:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2006-10-10 21:13 . 2006-10-10 21:13 100448 ----a-w- c:\program files\MC
2007-12-22 15:43 . 2006-02-25 16:53 56 --sh--r- c:\windows\system32\8731209D39.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-22_13.40.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-22 23:11 . 2009-11-22 23:11 16384 c:\windows\Temp\Perflib_Perfdata_9d0.dat
- 2007-03-04 13:04 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2007-03-04 13:04 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2005-08-16 04:27 . 2009-11-22 17:46 201736 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 04:27 . 2009-06-10 15:54 201736 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 04:18 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2008-10-18 07:42 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2009-08-14 9102608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
"RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-11-07 172032]
"HostManager"="c:\program files\Common Files\AOL\1183232413\ee\AOLSoftware.exe" [2006-11-17 50736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2005-05-19 1345520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Nick Parker\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\Palm\register.exe [2006-2-26 2367488]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-2-20 156784]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2007-10-20 303104]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-3-2 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-3-2 106496]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Documents and Settings\\Shirley King\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire Demo\\base\\bin\\Settlers6Demo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [22/09/2008 16:58 693512]
R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\Virgin Broadband\PCguard\SafeConnect\bin\SanaAgent.exe [14/11/2008 18:28 4937752]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [14/11/2008 18:28 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [14/11/2008 18:28 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [14/11/2008 18:28 27376]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [22/09/2008 16:58 910600]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [27/05/2009 13:10 170736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
2009-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate Page into English
FF - ProfilePath - c:\documents and settings\Shirley King\Application Data\Mozilla\Firefox\Profiles\8rr57ers.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
AddRemove-MAGIX Movie Edit Pro 2005 - c:\magix\Movie_Edit_Pro_2005\instslct.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 23:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-11-22 23:35
ComboFix-quarantined-files.txt 2009-11-22 23:34
ComboFix2.txt 2009-11-22 13:49
ComboFix3.txt 2008-08-03 12:37
Pre-Run: 100,058,783,744 bytes free
Post-Run: 100,012,449,792 bytes free
- - End Of File - - E453E897F1A75B84DD4E917A1C3323DE
scotsking
2009-11-23, 01:52
I still have a problem with Spybot not running. It stoped at the same time as the first issue with the "cannot access" error message. I have tried to re-install and the install process has a problem with the spybot.exe marked as read only. Ignoring the file allow set-up to complete but fails at the ens with a Code 5 Create Process failed.
I do have anti spy ware with PC guard but have always used and liked spybot.
this appears to be the only item still not working
Thanks
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
Rootkit::
c:\windows\win32k.sys
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (9.2) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).
Uninstall Macromedia Flash Player.
Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 17 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
I still have a problem with Spybot not running. It stoped at the same time as the first issue with the "cannot access" error message. I have tried to re-install and the install process has a problem with the spybot.exe marked as read only. Ignoring the file allow set-up to complete but fails at the ens with a Code 5 Create Process failed.
Drag'n'drop c:\program files\Spybot - Search & Destroy folder on Inherit file, please. See if that helps.
scotsking
2009-11-24, 00:08
Hi again
ComboFix 09-11-22.08 - Shirley King 23/11/2009 18:43.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.605 [GMT 0:00]
Running from: c:\documents and settings\Shirley King\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Shirley King\Desktop\CFScript.txt
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\SHIRLE~1\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Shirley King\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\erdnt\cache\ntfs.sys
.
((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.
2009-11-23 16:13 . 2009-11-23 16:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-23 16:12 . 2009-11-23 16:12 152576 ----a-w- c:\documents and settings\Nick Parker\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-23 15:47 . 2009-11-23 15:47 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-23 15:47 . 2009-11-23 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-22 22:11 . 2009-11-22 15:34 85504 ----a-w- c:\windows\system32\Inherit.exe
2009-11-22 15:37 . 2009-11-22 15:34 85504 ----a-w- c:\program files\Inherit.exe
2009-11-22 13:05 . 2009-11-22 13:15 -------- d-----w- c:\documents and settings\Shirley King\Application Data\Virgin Broadband
2009-11-21 13:07 . 2009-11-21 13:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-05 23:15 . 2008-11-26 15:19 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2009-11-05 23:15 . 2008-08-06 21:20 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2009-11-05 23:15 . 2008-08-28 13:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\program files\Raxco
2009-11-05 23:15 . 2009-11-05 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-11-05 23:12 . 2009-11-22 15:38 -------- d-----w- c:\program files\Virgin Broadband
2009-11-05 20:04 . 2009-11-23 19:03 5444128 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-05 19:46 . 2009-11-23 19:02 181792 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-05 19:14 . 2009-11-05 23:17 -------- d-----w- c:\documents and settings\Nick Parker\Application Data\Virgin Broadband
2009-11-05 19:14 . 2009-11-05 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-11-03 17:17 . 2009-11-03 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-03 17:16 . 2009-11-03 17:16 -------- d-----w- c:\program files\Common Files\iS3
2009-11-03 17:16 . 2009-11-03 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-11-03 15:31 . 2009-11-03 15:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 18:59 . 2009-11-05 20:04 74936 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-23 18:59 . 2009-11-05 19:46 19064 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-23 18:32 . 2006-02-20 23:18 -------- d-----w- c:\program files\Java
2009-11-23 18:26 . 2007-06-30 19:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-23 18:26 . 2007-06-30 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-23 15:50 . 2006-02-25 15:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-22 16:24 . 2008-11-22 22:01 -------- d-----w- c:\program files\World of Warcraft Trial
2009-11-22 16:22 . 2009-09-12 17:23 -------- d-----w- c:\program files\QuickTime
2009-11-22 16:22 . 2006-02-26 18:49 -------- d-----w- c:\program files\Palm
2009-11-22 16:22 . 2006-02-20 23:24 -------- d-----w- c:\program files\Modem Helper
2009-11-22 16:22 . 2006-02-20 23:24 -------- d-----w- c:\program files\Dell
2009-11-22 16:21 . 2006-02-20 23:31 -------- d-----w- c:\program files\Common Files\aolshare
2009-11-22 16:21 . 2006-02-20 23:30 -------- d-----w- c:\program files\Common Files\AOL
2009-11-22 16:21 . 2006-02-20 23:31 -------- d-----w- c:\program files\AOL 9.0
2009-11-05 23:13 . 2006-02-20 23:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-05 20:11 . 2006-02-20 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-05 20:11 . 2006-02-20 23:33 -------- d-----w- c:\program files\McAfee
2009-11-05 20:10 . 2006-02-20 23:32 -------- d-----w- c:\program files\McAfee.com
2009-11-03 17:18 . 2009-11-03 17:18 384 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-03 15:43 . 2008-08-03 09:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 20:43 . 2008-10-05 13:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-03 16:36 . 2009-10-03 16:34 -------- d-----w- c:\program files\iTunes
2009-10-03 16:34 . 2009-10-03 16:34 -------- d-----w- c:\program files\iPod
2009-10-03 16:34 . 2009-06-20 18:19 -------- d-----w- c:\program files\Common Files\Apple
2009-10-03 16:27 . 2009-10-03 16:27 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-11 14:18 . 2005-08-16 04:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 . 2008-08-03 09:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 . 2008-08-03 09:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 16:11 . 2006-02-25 16:32 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-04 21:03 . 2005-08-16 04:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2005-08-16 04:18 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2005-08-16 04:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2005-08-16 04:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-28 18:42 . 2009-06-20 18:19 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-06-20 18:19 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2005-08-16 04:19 247326 ----a-w- c:\windows\system32\strmdll.dll
2006-10-10 21:13 . 2006-10-10 21:13 100448 ----a-w- c:\program files\MC
2007-12-22 15:43 . 2006-02-25 16:53 56 --sh--r- c:\windows\system32\8731209D39.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-22_13.40.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-23 19:00 . 2009-11-23 19:00 16384 c:\windows\Temp\Perflib_Perfdata_5a8.dat
+ 2009-11-23 19:00 . 2009-11-23 19:00 16384 c:\windows\Temp\Perflib_Perfdata_338.dat
- 2009-03-04 21:24 . 2009-03-04 21:25 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-04 21:24 . 2009-11-23 16:04 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-11-23 16:13 . 2009-11-23 16:13 149280 c:\windows\system32\javaws.exe
+ 2009-11-23 16:13 . 2009-11-23 16:13 145184 c:\windows\system32\javaw.exe
+ 2009-11-23 16:13 . 2009-11-23 16:13 145184 c:\windows\system32\java.exe
- 2005-08-16 04:27 . 2009-06-10 15:54 201736 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 04:27 . 2009-11-22 17:46 201736 c:\windows\system32\FNTCACHE.DAT
+ 2009-11-23 16:13 . 2009-11-23 16:13 537600 c:\windows\Installer\9c60a.msi
+ 2009-11-23 16:52 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976749-IE7\spuninst\updspapi.dll
+ 2009-11-23 16:52 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976749-IE7\spuninst\spuninst.exe
+ 2005-08-16 04:18 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2005-08-16 04:18 . 2009-10-21 04:08 3598336 c:\windows\system32\mshtml.dll
- 2005-08-16 04:18 . 2009-08-29 07:36 3598336 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-18 07:42 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
- 2006-05-19 15:06 . 2009-08-29 07:36 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2006-05-19 15:06 . 2009-10-21 04:08 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-23 15:51 . 2009-11-23 15:51 3940352 c:\windows\Installer\13a3108.msi
+ 2009-11-23 16:52 . 2009-08-29 07:36 3598336 c:\windows\ie7updates\KB976749-IE7\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2009-08-14 9102608]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
"RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-11-07 172032]
"HostManager"="c:\program files\Common Files\AOL\1183232413\ee\AOLSoftware.exe" [2006-11-17 50736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-23 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2005-05-19 1345520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Nick Parker\Start Menu\Programs\Startup\
palmOne Registration.lnk - c:\program files\Palm\register.exe [2006-2-26 2367488]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-2-20 156784]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2007-10-20 303104]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-3-2 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-3-2 106496]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Documents and Settings\\Shirley King\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire Demo\\base\\bin\\Settlers6Demo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [22/09/2008 16:58 693512]
R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\Virgin Broadband\PCguard\SafeConnect\bin\SanaAgent.exe [14/11/2008 18:28 4937752]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [14/11/2008 18:28 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [14/11/2008 18:28 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [14/11/2008 18:28 27376]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [22/09/2008 16:58 910600]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [27/05/2009 13:10 170736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
2009-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate Page into English
FF - ProfilePath - c:\documents and settings\Shirley King\Application Data\Mozilla\Firefox\Profiles\8rr57ers.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 19:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3220)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Virgin Broadband\PCguard\Fws.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\Rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\docume~1\SHIRLE~1\LOCALS~1\Temp\clclean.0001
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-23 19:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-23 19:11
ComboFix2.txt 2009-11-22 23:35
ComboFix3.txt 2009-11-22 13:49
ComboFix4.txt 2008-08-03 12:37
Pre-Run: 99,488,022,528 bytes free
Post-Run: 99,440,410,624 bytes free
- - End Of File - - 57BE2A39313B053B51C85B79C7DBA5D1
scotsking
2009-11-24, 00:10
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 23, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 23, 2009 18:13:05
Records in database: 3281231
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\
Scan statistics:
Objects scanned: 160215
Threats found: 1
Infected objects found: 0
Suspicious objects found: 1
Scan duration: 02:10:49
File name / Threat / Threats count
C:\Documents and Settings\Nick Parker\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
Selected area has been scanned.
scotsking
2009-11-24, 00:12
DDS (Ver_09-09-29.01) - NTFSx86
Run by Shirley King at 22:10:47.93 on 23/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.611 [GMT 0:00]
AV: PCguard Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
============== Pseudo HJT Report ===============
uStart Page = www.ntlworld.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\virgin broadband\pcguard\pkR.dll
BHO: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: RepliGoIEHelperCtl Class: {91de4477-9cdc-4806-9bcb-28a963988e94} - c:\program files\cerience\repligo\RepliGoIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &RepliGo: {81f4066b-f330-4872-8094-3e9fbccec8c1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [V Stuff Backup] "c:\program files\virginmedia\v stuff backup\v_stuff_backup.exe" /delayed
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
mRun: [RepliGo Assistant] "c:\program files\cerience\repligo\RepliGoMon.exe"
mRun: [HostManager] c:\program files\common files\aol\1183232413\ee\AOLSoftware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Google Search
IE: &Translate English Word
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate Page into English
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216545191984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} - hxxp://www.bootsdigitalphotocentre.com/wpp/boots/app/opcuploader.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\shirle~1\applic~1\mozilla\firefox\profiles\8rr57ers.default\
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virgin broadband\advisor\nprpspa.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-11-23 16:13 411,368 a------- c:\windows\system32\deploytk.dll
2009-11-23 16:13 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-22 22:26 <DIR> a-dshr-- C:\cmdcons
2009-11-22 22:11 85,504 a------- c:\windows\system32\Inherit.exe
2009-11-22 16:20 <DIR> --d----- c:\windows\system32\appmgmt
2009-11-22 15:37 85,504 a------- c:\program files\Inherit.exe
2009-11-22 13:17 260,608 a------- c:\windows\PEV.exe
2009-11-22 13:17 161,792 a------- c:\windows\SWREG.exe
2009-11-22 13:17 98,816 a------- c:\windows\sed.exe
2009-11-22 13:17 77,312 a------- c:\windows\MBR.exe
2009-11-22 13:05 <DIR> --d----- c:\docume~1\shirle~1\applic~1\Virgin Broadband
2009-11-21 13:07 664 a------- c:\windows\system32\d3d9caps.dat
2009-11-15 17:36 20 a------- c:\windows\system32\SYSTEM
2009-11-05 23:15 53,192 a------- c:\windows\system32\drivers\rp_skt32.sys
2009-11-05 23:15 48,384 a------- c:\windows\system32\drivers\rp_pkt32.sys
2009-11-05 23:15 71,184 a------- c:\windows\system32\drivers\DefragFS.sys
2009-11-05 23:15 <DIR> --d----- c:\program files\Raxco
2009-11-05 23:12 <DIR> --d----- c:\program files\Virgin Broadband
2009-11-05 20:04 8,673,312 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-11-05 20:04 74,936 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-11-05 19:46 185,120 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-11-05 19:46 19,064 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-11-05 19:29 40 a------- c:\windows\system32\????????????????????????????????????g
2009-11-05 19:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Virgin Broadband
2009-11-03 17:18 384 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-03 17:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-11-03 17:16 <DIR> --d----- c:\program files\common files\iS3
2009-11-03 17:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
==================== Find3M ====================
2009-10-21 04:08 3,598,336 a------- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-06 16:11 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-09-04 21:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 21:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 10:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18 634,648 a------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 08:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2006-10-10 21:13 100,448 a------- c:\program files\MC
2007-12-22 15:43 56 ---shr-- c:\windows\system32\8731209D39.sys
2008-08-03 15:11 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080320080804\index.dat
============= FINISH: 22:12:00.32 ===============
scotsking
2009-11-24, 00:14
also to let you know spybot working fine after using inherit.
Hi,
Empty C:\Documents and Settings\Nick Parker\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Deleted Items.dbx email box. How's the system running now? Anymore issues left?
scotsking
2009-11-24, 20:19
Hi
He does not want me to remove the outlook deleted items. Can they stay or should I move them to another folder?
Everything appears to be working fine. What did we have?
On another note have just purchased a new laptop running Windows 7. Cannot load PC guard as not compatible with Windows 7. Came free trial Macfee. What do you suggest for anti virus protection.
Thanks for all your help. Great job
He does not want me to remove the outlook deleted items. Can they stay or should I move them to another folder?
Hi,
I think those can stay. That type of findings are often false ones too. And after all, probably not very likely that deleted items are browsed much.
What did we have?
There was a rootkit causing those problems with non working programs.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis
Now lets uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
hosts file:
Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen) Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then double-click it. On the dropdown box, change the setting from automatic to manual. Click ok
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
On another note have just purchased a new laptop running Windows 7. Cannot load PC guard as not compatible with Windows 7. Came free trial Macfee. What do you suggest for anti virus protection.
Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html) and
Avast! (http://www.avast.com/eng/download-avast-home.html)
Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)
scotsking
2009-11-24, 22:08
all working fine
will be away from the PC until the weekend but hopefully all problems now resolved.
Will make sure that the updates are done a bit more often than the past & hopefully will not get these issues again
Thanks
Scotsking (Shirley)
You're welcome :)
I leave the topic open so you may post a status report back on weekend.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.