Need help with rootkit / spyware (no tool is working)

[earth777]

Hello, i am so happy to have found this site. My PC has been hijacked.

I tried all the following s/w and they all close before running:

Spybot
Ad-Aware
HijackThis
MBAM
RSIT
SpywareBlaster


Can someone please help?

can anyone please help?

Ran Win32KDiag.exe and got the following:



Log file is located at: C:\Users\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3635.tmp\ZAP3635.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP78E8.tmp\ZAP78E8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\bthservsdp.dat

[1] 2009-08-12 22:33:17 12 C:\Windows\bthservsdp.dat ()



Found mount point : C:\Windows\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Downloaded Program Files\CONFLICT.1\CONFLICT.1

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109AB0090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581\8.0.50727\8.0.50727

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\18555481990E8AB4CBB63FB4F26006C0\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\50512592984F2284DAAF236CED4E1F41\8.0.6\8.0.6

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\52AA03B593FB4EB4F8EE1539B8BA12D4\8.0.135\8.0.135

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\52CB9D6ECBD08634E8A4D7EE0866C19D\8.0.148\8.0.148

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\AC1F0757D610CA645B68DC4746E5BF25\8.0.211\8.0.211

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\FC62732BFB866A144ABE271FF278EF50\8.0.63\8.0.63

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16866_none_7fe0c12063c7ff25\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16866_none_7fe0c12063c7ff25: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21062_none_806634e57ce96cd5\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21062_none_806634e57ce96cd5: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18267_none_81c8001060eda96d\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18267_none_81c8001060eda96d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22444_none_82643dbb79fdc277\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22444_none_82643dbb79fdc277: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18046_none_83c3136c5e04aa7f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18046_none_83c3136c5e04aa7f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22147_none_844db081772163a0\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22147_none_844db081772163a0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16866_none_4755e279c14fc1a0\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16866_none_4755e279c14fc1a0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21062_none_47db563eda712f50\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21062_none_47db563eda712f50: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18267_none_493d2169be756be8\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18267_none_493d2169be756be8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22444_none_49d95f14d78584f2\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22444_none_49d95f14d78584f2: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18046_none_4b3834c5bb8c6cfa\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18046_none_4b3834c5bb8c6cfa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22147_none_4bc2d1dad4a9261b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22147_none_4bc2d1dad4a9261b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16866_none_0a011f83f55114da\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16866_none_0a011f83f55114da: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21062_none_0a8693490e72828a\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21062_none_0a8693490e72828a: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18267_none_0be85e73f276bf22\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18267_none_0be85e73f276bf22: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22444_none_0c849c1f0b86d82c\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22444_none_0c849c1f0b86d82c: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18046_none_0de371cfef8dc034\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18046_none_0de371cfef8dc034: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22147_none_0e6e0ee508aa7955\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22147_none_0e6e0ee508aa7955: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16866_none_0a021fcdf5502e31\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16866_none_0a021fcdf5502e31: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21062_none_0a8793930e719be1\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21062_none_0a8793930e719be1: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18267_none_0be95ebdf275d879\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18267_none_0be95ebdf275d879: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22444_none_0c859c690b85f183\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22444_none_0c859c690b85f183: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18046_none_0de47219ef8cd98b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18046_none_0de47219ef8cd98b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22147_none_0e6f0f2f08a992ac\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22147_none_0e6f0f2f08a992ac: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16866_none_0a032017f54f4788\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16866_none_0a032017f54f4788: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21062_none_0a8893dd0e70b538\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21062_none_0a8893dd0e70b538: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18267_none_0bea5f07f274f1d0\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18267_none_0bea5f07f274f1d0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22444_none_0c869cb30b850ada\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22444_none_0c869cb30b850ada: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18046_none_0de57263ef8bf2e2\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18046_none_0de57263ef8bf2e2: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22147_none_0e700f7908a8ac03\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22147_none_0e700f7908a8ac03: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16866_none_0a042061f54e60df\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16866_none_0a042061f54e60df: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21062_none_0a8994270e6fce8f\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21062_none_0a8994270e6fce8f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18267_none_0beb5f51f2740b27\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18267_none_0beb5f51f2740b27: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22444_none_0c879cfd0b842431\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22444_none_0c879cfd0b842431: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18046_none_0de672adef8b0c39\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18046_none_0de672adef8b0c39: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22147_none_0e710fc308a7c55a\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22147_none_0e710fc308a7c55a: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16866_none_0a0520abf54d7a36\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16866_none_0a0520abf54d7a36: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21062_none_0a8a94710e6ee7e6\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21062_none_0a8a94710e6ee7e6: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18267_none_0bec5f9bf273247e\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18267_none_0bec5f9bf273247e: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22444_none_0c889d470b833d88\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22444_none_0c889d470b833d88: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18046_none_0de772f7ef8a2590\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18046_none_0de772f7ef8a2590: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22147_none_0e72100d08a6deb1\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22147_none_0e72100d08a6deb1: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16866_none_3fdf3668c441aa88\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16866_none_3fdf3668c441aa88

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21062_none_4064aa2ddd631838\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21062_none_4064aa2ddd631838

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18267_none_41c67558c16754d0\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18267_none_41c67558c16754d0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22444_none_4262b303da776dda\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22444_none_4262b303da776dda

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18046_none_43c188b4be7e55e2\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18046_none_43c188b4be7e55e2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22147_none_444c25c9d79b0f03\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22147_none_444c25c9d79b0f03

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f9870fa09c866a37752cd50336c30a22\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18819_none_83d6ded046b75eaf\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18819_none_83d6ded046b75eaf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f9870fa09c866a37752cd50336c30a22\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22909_none_846b4b875fcce288\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22909_none_846b4b875fcce288

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\ScanFile\ScanFile

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\0409\0409

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Branding\en-US\en-US

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\cngaudit.dll

[1] 2006-11-02 02:46:03 62464 C:\Windows\System32\cngaudit.dll ()

[2] 2006-11-02 02:46:03 11776 C:\Windows\System32\logevent.dll (Microsoft Corporation)

[1] 2006-11-02 02:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll (Microsoft Corporation)



Found mount point : C:\Windows\System32\com\dmp\dmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\Journal\Journal

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Google\Update\Manifest\Initial\Initial

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\IdentityCRL\production\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Messenger\Messenger

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\1

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\10

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\11

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\12

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\13

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\14

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\16

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\17

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\18

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\19

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\20

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\21

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\22

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\23

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\24

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\26

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\27

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\28

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\29

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\30

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\31

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\32

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\33

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\34

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\36

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\37

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\38

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\39

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\40

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\41

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\42

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\43

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\44

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\45

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\46

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\48

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\49

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\50

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\51

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\53

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\54

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\55

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\56

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\58

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\59

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\60

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\61

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\62

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\63

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\8

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\9

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host\host

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin\muffin

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\TeamViewer\TeamViewer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\DriverStore\FileRepository\hpohsla.inf_72464ab0\I386\I386

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\GroupPolicy\GroupPolicy

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\GroupPolicyUsers\GroupPolicyUsers

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-08-29 18:28:42 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-08-29 18:28:28 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-08-29 18:28:41 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-08-29 18:28:38 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-08-29 18:30:01 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()



Found mount point : C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\MUI\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\setup\en-US\en-US

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\SMI\Manifests\Manifests

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\spool\drivers\IA64\IA64

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\spool\drivers\x64\x64

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\spool\SERVERS\SERVERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Tasks\Event Viewer Tasks\Event Viewer Tasks

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\System

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter\SyncCenter

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar\WindowsCalendar

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\wbem\Logs\WMITracing.log

[1] 2009-08-29 18:28:43 16777216 C:\Windows\System32\wbem\Logs\WMITracing.log ()



Found mount point : C:\Windows\System32\wbem\MOF\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\wbem\MOF\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\WDI\{67144949-5132-4859-8036-a737b43825d8}\{67144949-5132-4859-8036-a737b43825d8}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\winevt\TraceFormat\TraceFormat

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\x64\x64

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames

Mount point destination : \Device\__max++>\^



Finished!

==========================
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

If the infection prevents HJT from running, please start a topic, make note of the situation and wait for a response. Please do not add a bunch of logs from other scans.

[Bio-Hazard]

Hello and Welcome to forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

• I will be working on your Malware issues this may or may not solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine.
• I f you don't know or understand something please don't hesitate to ask.
• Please DO NOT run any other tools or scans whilst I am helping you.
• It is important that you reply to this thread. Do not start a new topic.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
• Absence of symptoms does not mean that everything is clear.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

No Reply Within 4 Days Will Result In Your Topic Being Closed!!


Download and Run ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2

Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX

• You must download it to and run it from your Desktop
• ComboFix SHOULD NOT be used unless requested by a forum helper.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE
• Double click on ComboFix.exe and follow the prompts.
  
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  
  
• Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
• Combofix should never take more that 20 minutes including the reboot if malware is detected.

IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.This tool is not a toy and not for everyday use.


Download HijackThis

To get things going i need you to download HijackThis see the instructions below.

• Click HERE to download HijackThis Installer
• Save HijackThis Installer to your desktop.
• Doubleclick on the HijackThis Installer icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.

DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Download and run Win32kDiag

Delete the copy you have and follow these instrucrions:

• Download Win32kDiag from any of the following locations and save it to your Desktop.
  
  • Download Win32kDiag (Win32kDiag.exe) - #1
  • Download Win32kDiag (Win32kDiag.exe) - #2
  • Download Win32kDiag (Win32kDiag.exe) - #3
  
  
• Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
• When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
• Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Next Reply

Please reply with:

• ComboFix log (found at C:\Combofix.txt)
• Win32kDiag.txt
• New HijackThis log

[earth777]

Thank for your help. I really had to get my PC going so i decided to do a clean installation.

[Bio-Hazard]

Since this issue appears to be resolved, this Topic has been closed.

Glad we could be of assistance.If you're the topic starter, and need this topic reopened, please contact a moderator with the address of the thread.

Everyone else please begin a New Topic.