|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
|
|
LinkBack | Thread Tools |
11-01-2009, 02:11 PM
|
#1 (permalink) |
|
Registered User
Join Date: Nov 2009
Posts: 20
OS: windowx xp
|
Severe Malware Damage - Critical Laptop
My high school senior's laptop was totalled by malware on 10/25. Pop-up message 'Antivirus System Pro' prompted her to buy - she closed window without but damage is done. There may have been a few things resident already, who's to tell.
Syptoms= Computer does not have wireless or NIC connectivity- blocked. Wireless continually seeking a connection and being blocked. Malwarebytes was onboard - now cannot scan. Also has MacAfee - cannot run scan. Problems with logging on as different users. Sporadically cannot reboot windows - NT timing out message pops up. Searched modified files from 10/25 and found chhite application which I put in recycle bin. Found UECJSYSGUARD.EXE-05346AED.pf and put in recycle bin. Noticed cookie from greatfeedmill, among other cookies including pctools from that same time; reported to be a malicious redirected internet site. A bunch of stuff created in another user's application data folder about the time this attack happened - application data\microsoft\cryptnet also google desktop files in my daughter's user temp files Was able to install and run Avira antivirus and it isolated 15 issues - some may be false positives from spybot which we used to have installed - they have been quarantined. Downloded DDS and will not allow script to run from either CD or main disk drive (I disabled Avira) - don't know what to do to get that info. Ran GMER which run pretty well but did lock up towards the end of the scan - I have a 2 part scan file to attach as I scanned up the the file part of the search and then saved, then ran the file portion of scan . That took from 6 AM to 2PM to get this far. Sorry if this rambles or is too much info - useless info - getting pretty desparate to help her get her computer online for schoolwork. I would rather just buy a new computer but am unempoyed architect at the moment and money is really tight.................please help. |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
11-02-2009, 06:54 PM
|
#2 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,795
OS: 2000 Pro; XP Pro; XP Home
|
Re: Severe Malware Damage - Critical Laptop
Hello -
Sometimes, a machine gets so badly damaged the best course of action is to reinstall using a Windows installation disk, or revert it to factory condition using the recovery disks or recovery partition most large manufacturers provide these days. Let's see if we can get a bit more detail about what's going on. The gmer log did provide some detail. Please save this file to your desktop. Double-click on it to run a scan. This scan may take a while. Please wait until you see this in the command box: Finished! Press any key to exit... Now, press any key to exit. There will be a log called Win32kDiag.txt on your desktop. Please post the contents here. Also see if this next tool will run...
---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Microsoft MVP - Consumer Security 2009
|
|
|
|
|
11-03-2009, 06:02 PM
|
#3 (permalink) |
|
Registered User
Join Date: Nov 2009
Posts: 20
OS: windowx xp
|
Re: Severe Malware Damage - Critical Laptop
win32kdiag results- RSIT will not finish
Running from: C:\Documents and Settings\Michael\Desktop\Win32kDiag.exe Log file at : C:\Documents and Settings\Michael\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d1\d1 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d2\d2 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d3\d3 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d4\d4 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d5\d5 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d6\d6 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d7\d7 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d8\d8 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe [1] 2004-08-04 06:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation) [1] 2008-04-13 19:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe () [1] 2008-04-13 19:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\dumprep.exe [1] 2004-08-04 06:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation) [1] 2008-04-13 19:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation) [1] 2008-04-13 19:12:18 10752 C:\WINDOWS\system32\dumprep.exe () [1] 2004-08-04 06:00:00 10752 C:\i386\dumprep.exe (Microsoft Corporation) Cannot access: C:\WINDOWS\system32\eventlog.dll [1] 2004-08-04 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 61952 C:\WINDOWS\system32\eventlog.dll () [2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) [1] 2004-08-04 06:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation) Cannot access: C:\WINDOWS\system32\MRT.exe [1] 2008-12-09 14:24:38 17593280 C:\WINDOWS\system32\MRT.exe () Found mount point : C:\WINDOWS\Temp\History\Results\Results Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\MCA13E.tmp\MCA13E.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\MCA17.tmp\MCA17.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcaFE.tmp\mcaFE.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcaFF.tmp\mcaFF.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10.tmp\mcu10.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu100.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu101.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu102.tmp\mcu102.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu103.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu104.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu105.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu106.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu107.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu108.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu109.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10A.tmp\mcu10A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10D.tmp\mcu10D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11.tmp\mcu11.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu110.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu111.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu112.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu113.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu114.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu115.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu116.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu117.tmp\mcu117.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu118.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu119.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11B.tmp\mcu11B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu120.tmp\mcu120.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu121.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu122.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu123.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu124.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu125.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu126.tmp\mcu126.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu127.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu128.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu129.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12A.tmp\mcu12A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13.tmp\mcu13.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu130.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu131.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu132.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu133.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu134.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu135.tmp\mcu135.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu136.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu137.tmp\mcu137.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu138.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu139.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13A.tmp\mcu13A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13C.tmp\mcu13C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13E.tmp\mcu13E.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu140.tmp\mcu140.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu141.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu142.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu143.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu144.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu145.tmp\mcu145.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu146.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu147.tmp\mcu147.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu148.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu149.tmp\mcu149.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14C.tmp\mcu14C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu15.tmp\mcu15.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu150.tmp\mcu150.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu151.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu152.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu153.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu154.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu155.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu156.tmp\mcu156.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu157.tmp\mcu157.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu158.tmp\mcu158.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu159.tmp\mcu159.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu15A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu15B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu15C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu15E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu16.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu160.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu162.tmp\mcu162.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu16D.tmp\mcu16D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu17.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu17E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu18.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu19.tmp\mcu19.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1B.tmp\mcu1B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1D.tmp\mcu1D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1DB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1DF.tmp\msk\en-us\us\us Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1F.tmp\mcu1F.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2.tmp\mcu2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu20.tmp\mcu20.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu21.tmp\mcu21.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu22.tmp\mcu22.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu23.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu24.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu25.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu26.tmp\mcu26.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu27.tmp\mcu27.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu28.tmp\mcu28.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu29.tmp\mcu29.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2C.tmp\mcu2C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2F.tmp\mcu2F.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3.tmp\mcu3.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu30.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu31.tmp\mcu31.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu32.tmp\mcu32.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu33.tmp\mcu33.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu34.tmp\mcu34.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu35.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu36.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu37.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu38.tmp\mcu38.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu39.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3A.tmp\mcu3A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3C.tmp\mcu3C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4.tmp\mcu4.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu40.tmp\mcu40.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu41.tmp\mcu41.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu42.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu43.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu44.tmp\mcu44.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu45.tmp\mcu45.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu46.tmp\mcu46.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu47.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu48.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu49.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4B.tmp\mcu4B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4D.tmp\mcu4D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4E.tmp\mcu4E.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4F.tmp\mcu4F.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu50.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu51.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu52.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu53.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu54.tmp\mcu54.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu55.tmp\mcu55.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu56.tmp\mcu56.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu57.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu58.tmp\mcu58.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu59.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5A.tmp\mcu5A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5C.tmp\mcu5C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5D.tmp\mcu5D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu60.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu61.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu62.tmp\mcu62.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu63.tmp\mcu63.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu64.tmp\mcu64.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu65.tmp\mcu65.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu66.tmp\mcu66.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu67.tmp\mcu67.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu68.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu69.tmp\mcu69.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6A.tmp\mcu6A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6B.tmp\mcu6B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6D.tmp\mcu6D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu70.tmp\mcu70.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu71.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu72.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu73.tmp\mcu73.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu74.tmp\mcu74.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu75.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu76.tmp\mcu76.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu77.tmp\mcu77.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu78.tmp\mcu78.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu79.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7D.tmp\mcu7D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu80.tmp\mcu80.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu81.tmp\mcu81.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu82.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu83.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu84.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu85.tmp\mcu85.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu86.tmp\mcu86.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu87.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu88.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu89.tmp\mcu89.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8A.tmp\mcu8A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8B.tmp\mcu8B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8C.tmp\mcu8C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu90.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu91.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu92.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu93.tmp\mcu93.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu94.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu95.tmp\mcu95.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu96.tmp\mcu96.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu97.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu98.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu99.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9B.tmp\mcu9B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9D.tmp\mcu9D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9E.tmp\mcu9E.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9F.tmp\mcu9F.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA0.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA1.tmp\mcuA1.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA2.tmp\mcuA2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA6.tmp\mcuA6.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA7.tmp\mcuA7.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA8.tmp\mcuA8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAA.tmp\mcuAA.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAB.tmp\mcuAB.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAD.tmp\mcuAD.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB0.tmp\mcuB0.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB1.tmp\mcuB1.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB2.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB3.tmp\mcuB3.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB4.tmp\mcuB4.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB5.tmp\mcuB5.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB7.tmp\mcuB7.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB8.tmp\mcuB8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBA.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBB.tmp\vso\en-us\us\us Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBB.tmp\vso\winnt\winnt Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBD.tmp\mcuBD.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBE.tmp\mcuBE.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBF.tmp\mcuBF.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC.tmp\mcuC.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC0.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC2.tmp\mcuC2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC6.tmp\mcuC6.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC7.tmp\mcuC7.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC8.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCA.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCB.tmp\mcuCB.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCD.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCE.tmp\mcuCE.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCF.tmp\mcuCF.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD.tmp\mcuD.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD0.tmp\mcuD0.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD2.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD6.tmp\mcuD6.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD8.tmp\mcuD8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDA.tmp\mcuDA.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDD.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDE.tmp\mcuDE.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE0.tmp\mcuE0.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE2.tmp\mcuE2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE8.tmp\mcuE8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuEA.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuEB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuEC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuED.tmp\mcuED.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuEE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuEF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF.tmp\mcuF.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF0.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF2.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF5.tmp\mcuF5.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF8.tmp\mcuF8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFA.tmp\mcuFA.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFD.tmp\mcuFD.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\UPD101.tmp\UPD101.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Finished! |
|
|
|
|
11-03-2009, 06:30 PM
|
#5 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,795
OS: 2000 Pro; XP Pro; XP Home
|
Re: Severe Malware Damage - Critical Laptop
Run win32kdiag once again, using these instructions.
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here. "%userprofile%\desktop\win32kdiag.exe" -f -r
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
11-04-2009, 04:41 AM
|
#6 (permalink) |
|
Registered User
Join Date: Nov 2009
Posts: 20
OS: windowx xp
|
Re: Severe Malware Damage - Critical Laptop
Running from: C:\Documents and Settings\Michael\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Michael\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d1\d1 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d2\d2 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d3\d3 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d4\d4 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d5\d5 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d6\d6 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d7\d7 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d8\d8 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe [1] 2004-08-04 06:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation) [1] 2008-04-13 19:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe () [1] 2008-04-13 19:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\dumprep.exe [1] 2004-08-04 06:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation) [1] 2008-04-13 19:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation) [1] 2008-04-13 19:12:18 10752 C:\WINDOWS\system32\dumprep.exe () [1] 2004-08-04 06:00:00 10752 C:\i386\dumprep.exe (Microsoft Corporation) Cannot access: C:\WINDOWS\system32\eventlog.dll [1] 2004-08-04 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 61952 C:\WINDOWS\system32\eventlog.dll () [2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) [1] 2004-08-04 06:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation) Cannot access: C:\WINDOWS\system32\MRT.exe [1] 2008-12-09 14:24:38 17593280 C:\WINDOWS\system32\MRT.exe () Found mount point : C:\WINDOWS\Temp\History\Results\Results Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\MCA13E.tmp\MCA13E.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\MCA17.tmp\MCA17.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcaFE.tmp\mcaFE.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcaFF.tmp\mcaFF.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10.tmp\mcu10.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu100.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu101.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu102.tmp\mcu102.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu103.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu104.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu105.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu106.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu107.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu108.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu109.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10A.tmp\mcu10A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10D.tmp\mcu10D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu10F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11.tmp\mcu11.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu110.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu111.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu112.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu113.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu114.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu115.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu116.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu117.tmp\mcu117.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu118.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu119.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11B.tmp\mcu11B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu11F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu120.tmp\mcu120.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu121.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu122.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu123.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu124.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu125.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu126.tmp\mcu126.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu127.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu128.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu129.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12A.tmp\mcu12A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu12F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13.tmp\mcu13.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu130.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu131.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu132.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu133.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu134.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu135.tmp\mcu135.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu136.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu137.tmp\mcu137.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu138.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu139.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13A.tmp\mcu13A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13C.tmp\mcu13C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13E.tmp\mcu13E.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu13F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu140.tmp\mcu140.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu141.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu142.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu143.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu144.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu145.tmp\mcu145.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu146.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu147.tmp\mcu147.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu148.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu149.tmp\mcu149.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14C.tmp\mcu14C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu14F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu15.tmp\mcu15.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu150.tmp\mcu150.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu151.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu152.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu153.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu154.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu155.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu156.tmp\mcu156.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu157.tmp\mcu157.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu158.tmp\mcu158.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu159.tmp\mcu159.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu15A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu15B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu15C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu15E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu16.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu160.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu162.tmp\mcu162.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu16D.tmp\mcu16D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu17.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu17E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu18.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu19.tmp\mcu19.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1B.tmp\mcu1B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1D.tmp\mcu1D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1DB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1DF.tmp\msk\en-us\us\us Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu1F.tmp\mcu1F.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2.tmp\mcu2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu20.tmp\mcu20.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu21.tmp\mcu21.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu22.tmp\mcu22.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu23.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu24.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu25.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu26.tmp\mcu26.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu27.tmp\mcu27.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu28.tmp\mcu28.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu29.tmp\mcu29.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2C.tmp\mcu2C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu2F.tmp\mcu2F.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3.tmp\mcu3.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu30.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu31.tmp\mcu31.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu32.tmp\mcu32.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu33.tmp\mcu33.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu34.tmp\mcu34.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu35.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu36.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu37.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu38.tmp\mcu38.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu39.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3A.tmp\mcu3A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3C.tmp\mcu3C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu3F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4.tmp\mcu4.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu40.tmp\mcu40.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu41.tmp\mcu41.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu42.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu43.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu44.tmp\mcu44.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu45.tmp\mcu45.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu46.tmp\mcu46.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu47.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu48.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu49.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4B.tmp\mcu4B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4D.tmp\mcu4D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4E.tmp\mcu4E.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu4F.tmp\mcu4F.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu50.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu51.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu52.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu53.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu54.tmp\mcu54.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu55.tmp\mcu55.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu56.tmp\mcu56.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu57.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu58.tmp\mcu58.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu59.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5A.tmp\mcu5A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5C.tmp\mcu5C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5D.tmp\mcu5D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu5F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu60.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu61.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu62.tmp\mcu62.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu63.tmp\mcu63.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu64.tmp\mcu64.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu65.tmp\mcu65.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu66.tmp\mcu66.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu67.tmp\mcu67.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu68.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu69.tmp\mcu69.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6A.tmp\mcu6A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6B.tmp\mcu6B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6D.tmp\mcu6D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu6F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu70.tmp\mcu70.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu71.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu72.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu73.tmp\mcu73.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu74.tmp\mcu74.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu75.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu76.tmp\mcu76.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu77.tmp\mcu77.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu78.tmp\mcu78.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu79.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7D.tmp\mcu7D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu7F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu80.tmp\mcu80.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu81.tmp\mcu81.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu82.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu83.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu84.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu85.tmp\mcu85.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu86.tmp\mcu86.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu87.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu88.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu89.tmp\mcu89.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8A.tmp\mcu8A.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8B.tmp\mcu8B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8C.tmp\mcu8C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu8F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu90.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu91.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu92.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu93.tmp\mcu93.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu94.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu95.tmp\mcu95.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu96.tmp\mcu96.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu97.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu98.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu99.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9B.tmp\mcu9B.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9D.tmp\mcu9D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9E.tmp\mcu9E.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcu9F.tmp\mcu9F.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA0.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA1.tmp\mcuA1.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA2.tmp\mcuA2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA6.tmp\mcuA6.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA7.tmp\mcuA7.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA8.tmp\mcuA8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuA9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAA.tmp\mcuAA.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAB.tmp\mcuAB.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAD.tmp\mcuAD.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuAF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB0.tmp\mcuB0.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB1.tmp\mcuB1.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB2.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB3.tmp\mcuB3.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB4.tmp\mcuB4.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB5.tmp\mcuB5.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB7.tmp\mcuB7.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB8.tmp\mcuB8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuB9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBA.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBB.tmp\vso\en-us\us\us Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBB.tmp\vso\winnt\winnt Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBD.tmp\mcuBD.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBE.tmp\mcuBE.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuBF.tmp\mcuBF.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC.tmp\mcuC.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC0.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC2.tmp\mcuC2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC6.tmp\mcuC6.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC7.tmp\mcuC7.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC8.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuC9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCA.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCB.tmp\mcuCB.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCD.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCE.tmp\mcuCE.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuCF.tmp\mcuCF.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD.tmp\mcuD.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD0.tmp\mcuD0.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD2.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD6.tmp\mcuD6.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD8.tmp\mcuD8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuD9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDA.tmp\mcuDA.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDD.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDE.tmp\mcuDE.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuDF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE0.tmp\mcuE0.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE2.tmp\mcuE2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE8.tmp\mcuE8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuE9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuEA.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuEB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuEC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuED.tmp\mcuED.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuEE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuEF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF.tmp\mcuF.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF0.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF2.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF5.tmp\mcuF5.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF8.tmp\mcuF8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuF9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFA.tmp\mcuFA.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFD.tmp\mcuFD.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mcuFF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\UPD101.tmp\UPD101.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Finished! |
|
|
|
|
11-04-2009, 05:22 AM
|
#8 (permalink) |
|
Registered User
Join Date: Nov 2009
Posts: 20
OS: windowx xp
|
Re: Severe Malware Damage - Critical Laptop
Running from: C:\Documents and Settings\Michael\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Michael\Desktop\Win32kDiag.txt Removing all found mount points. Attempting to reset file permissions. WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812 Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281 Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899 Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213 Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760 Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496 Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454 Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090 Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338 Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768 Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784 Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168 Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566 Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143 Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653 Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615 Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460 Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533 Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864 Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\temp\temp Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\tmp\tmp Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Config\Config Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Found mount point : C:\WINDOWS\CSC\d1\d1 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d1\d1 Found mount point : C:\WINDOWS\CSC\d2\d2 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d2\d2 Found mount point : C:\WINDOWS\CSC\d3\d3 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d3\d3 Found mount point : C:\WINDOWS\CSC\d4\d4 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d4\d4 Found mount point : C:\WINDOWS\CSC\d5\d5 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d5\d5 Found mount point : C:\WINDOWS\CSC\d6\d6 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d6\d6 Found mount point : C:\WINDOWS\CSC\d7\d7 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d7\d7 Found mount point : C:\WINDOWS\CSC\d8\d8 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d8\d8 Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\chsime\applets\applets Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imejp\applets\applets Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imejp98\imejp98 Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\shared\res\res Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\classes\classes Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\trustlib\trustlib Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Cannot access: C:\WINDOWS\system32\dumprep.exe Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe Cannot access: C:\WINDOWS\system32\eventlog.dll Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll [1] 2004-08-04 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 61952 C:\WINDOWS\system32\eventlog.dll () [2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) [1] 2004-08-04 06:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation) Cannot access: C:\WINDOWS\system32\MRT.exe Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe Found mount point : C:\WINDOWS\Temp\History\Results\Results Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\History\Results\Results Found mount point : C:\WINDOWS\Temp\MCA13E.tmp\MCA13E.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\MCA13E.tmp\MCA13E.tmp Found mount point : C:\WINDOWS\Temp\MCA17.tmp\MCA17.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\MCA17.tmp\MCA17.tmp Found mount point : C:\WINDOWS\Temp\mcaFE.tmp\mcaFE.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcaFE.tmp\mcaFE.tmp Found mount point : C:\WINDOWS\Temp\mcaFF.tmp\mcaFF.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcaFF.tmp\mcaFF.tmp Found mount point : C:\WINDOWS\Temp\mcu1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu1.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu10.tmp\mcu10.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu10.tmp\mcu10.tmp Found mount point : C:\WINDOWS\Temp\mcu100.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu100.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu101.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu101.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu102.tmp\mcu102.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu102.tmp\mcu102.tmp Found mount point : C:\WINDOWS\Temp\mcu103.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu103.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu104.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu104.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu105.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu105.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu106.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu106.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu107.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu107.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu108.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu108.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu109.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu109.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu10A.tmp\mcu10A.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu10A.tmp\mcu10A.tmp Found mount point : C:\WINDOWS\Temp\mcu10B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu10B.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu10C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu10C.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu10D.tmp\mcu10D.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu10D.tmp\mcu10D.tmp Found mount point : C:\WINDOWS\Temp\mcu10E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu10E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu10F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu10F.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu11.tmp\mcu11.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu11.tmp\mcu11.tmp Found mount point : C:\WINDOWS\Temp\mcu110.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu110.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu111.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu111.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu112.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu112.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu113.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu113.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu114.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu114.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu115.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu115.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu116.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu116.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu117.tmp\mcu117.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu117.tmp\mcu117.tmp Found mount point : C:\WINDOWS\Temp\mcu118.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu118.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu119.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu119.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu11A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu11A.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu11B.tmp\mcu11B.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu11B.tmp\mcu11B.tmp Found mount point : C:\WINDOWS\Temp\mcu11C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu11C.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu11D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu11D.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu11E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu11E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu11F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu11F.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu12.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu12.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu120.tmp\mcu120.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu120.tmp\mcu120.tmp Found mount point : C:\WINDOWS\Temp\mcu121.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu121.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu122.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu122.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu123.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu123.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu124.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu124.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu125.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu125.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu126.tmp\mcu126.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu126.tmp\mcu126.tmp Found mount point : C:\WINDOWS\Temp\mcu127.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu127.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu128.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu128.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu129.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu129.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu12A.tmp\mcu12A.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu12A.tmp\mcu12A.tmp Found mount point : C:\WINDOWS\Temp\mcu12B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu12B.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu12C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu12C.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu12D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu12D.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu12E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu12E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu12F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu12F.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu13.tmp\mcu13.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu13.tmp\mcu13.tmp Found mount point : C:\WINDOWS\Temp\mcu130.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu130.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu131.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu131.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu132.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu132.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu133.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu133.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu134.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu134.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu135.tmp\mcu135.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu135.tmp\mcu135.tmp Found mount point : C:\WINDOWS\Temp\mcu136.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu136.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu137.tmp\mcu137.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu137.tmp\mcu137.tmp Found mount point : C:\WINDOWS\Temp\mcu138.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu138.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu139.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu139.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu13A.tmp\mcu13A.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu13A.tmp\mcu13A.tmp Found mount point : C:\WINDOWS\Temp\mcu13B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu13B.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu13C.tmp\mcu13C.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu13C.tmp\mcu13C.tmp Found mount point : C:\WINDOWS\Temp\mcu13D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu13D.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu13E.tmp\mcu13E.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu13E.tmp\mcu13E.tmp Found mount point : C:\WINDOWS\Temp\mcu13F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu13F.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu14.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu14.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu140.tmp\mcu140.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu140.tmp\mcu140.tmp Found mount point : C:\WINDOWS\Temp\mcu141.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu141.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu142.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu142.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu143.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu143.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu144.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu144.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu145.tmp\mcu145.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu145.tmp\mcu145.tmp Found mount point : C:\WINDOWS\Temp\mcu146.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu146.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu147.tmp\mcu147.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu147.tmp\mcu147.tmp Found mount point : C:\WINDOWS\Temp\mcu148.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu148.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu149.tmp\mcu149.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu149.tmp\mcu149.tmp Found mount point : C:\WINDOWS\Temp\mcu14A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu14A.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu14B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu14B.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu14C.tmp\mcu14C.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu14C.tmp\mcu14C.tmp Found mount point : C:\WINDOWS\Temp\mcu14D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu14D.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu14E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu14E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu14F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu14F.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu15.tmp\mcu15.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu15.tmp\mcu15.tmp Found mount point : C:\WINDOWS\Temp\mcu150.tmp\mcu150.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu150.tmp\mcu150.tmp Found mount point : C:\WINDOWS\Temp\mcu151.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu151.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu152.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu152.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu153.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu153.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu154.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu154.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu155.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu155.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu156.tmp\mcu156.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu156.tmp\mcu156.tmp Found mount point : C:\WINDOWS\Temp\mcu157.tmp\mcu157.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu157.tmp\mcu157.tmp Found mount point : C:\WINDOWS\Temp\mcu158.tmp\mcu158.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu158.tmp\mcu158.tmp Found mount point : C:\WINDOWS\Temp\mcu159.tmp\mcu159.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu159.tmp\mcu159.tmp Found mount point : C:\WINDOWS\Temp\mcu15A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu15A.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu15B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu15B.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu15C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu15C.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu15E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu15E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu16.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu16.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu160.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu160.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu162.tmp\mcu162.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu162.tmp\mcu162.tmp Found mount point : C:\WINDOWS\Temp\mcu16D.tmp\mcu16D.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu16D.tmp\mcu16D.tmp Found mount point : C:\WINDOWS\Temp\mcu17.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu17.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu17E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu17E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu18.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu18.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu19.tmp\mcu19.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu19.tmp\mcu19.tmp Found mount point : C:\WINDOWS\Temp\mcu1A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu1A.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu1B.tmp\mcu1B.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu1B.tmp\mcu1B.tmp Found mount point : C:\WINDOWS\Temp\mcu1C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu1C.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu1D.tmp\mcu1D.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu1D.tmp\mcu1D.tmp Found mount point : C:\WINDOWS\Temp\mcu1DB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu1DB.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu1DF.tmp\msk\en-us\us\us Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu1DF.tmp\msk\en-us\us\us Found mount point : C:\WINDOWS\Temp\mcu1E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu1E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu1F.tmp\mcu1F.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu1F.tmp\mcu1F.tmp Found mount point : C:\WINDOWS\Temp\mcu2.tmp\mcu2.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu2.tmp\mcu2.tmp Found mount point : C:\WINDOWS\Temp\mcu20.tmp\mcu20.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu20.tmp\mcu20.tmp Found mount point : C:\WINDOWS\Temp\mcu21.tmp\mcu21.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu21.tmp\mcu21.tmp Found mount point : C:\WINDOWS\Temp\mcu22.tmp\mcu22.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu22.tmp\mcu22.tmp Found mount point : C:\WINDOWS\Temp\mcu23.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu23.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu24.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu24.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu25.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu25.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu26.tmp\mcu26.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu26.tmp\mcu26.tmp Found mount point : C:\WINDOWS\Temp\mcu27.tmp\mcu27.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu27.tmp\mcu27.tmp Found mount point : C:\WINDOWS\Temp\mcu28.tmp\mcu28.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu28.tmp\mcu28.tmp Found mount point : C:\WINDOWS\Temp\mcu29.tmp\mcu29.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu29.tmp\mcu29.tmp Found mount point : C:\WINDOWS\Temp\mcu2A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu2A.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu2B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu2B.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu2C.tmp\mcu2C.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu2C.tmp\mcu2C.tmp Found mount point : C:\WINDOWS\Temp\mcu2D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu2D.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu2E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu2E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu2F.tmp\mcu2F.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu2F.tmp\mcu2F.tmp Found mount point : C:\WINDOWS\Temp\mcu3.tmp\mcu3.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu3.tmp\mcu3.tmp Found mount point : C:\WINDOWS\Temp\mcu30.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu30.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu31.tmp\mcu31.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu31.tmp\mcu31.tmp Found mount point : C:\WINDOWS\Temp\mcu32.tmp\mcu32.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu32.tmp\mcu32.tmp Found mount point : C:\WINDOWS\Temp\mcu33.tmp\mcu33.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu33.tmp\mcu33.tmp Found mount point : C:\WINDOWS\Temp\mcu34.tmp\mcu34.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu34.tmp\mcu34.tmp Found mount point : C:\WINDOWS\Temp\mcu35.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu35.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu36.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu36.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu37.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu37.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu38.tmp\mcu38.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu38.tmp\mcu38.tmp Found mount point : C:\WINDOWS\Temp\mcu39.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu39.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu3A.tmp\mcu3A.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu3A.tmp\mcu3A.tmp Found mount point : C:\WINDOWS\Temp\mcu3B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu3B.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu3C.tmp\mcu3C.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu3C.tmp\mcu3C.tmp Found mount point : C:\WINDOWS\Temp\mcu3D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu3D.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu3E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu3E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu3F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu3F.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu4.tmp\mcu4.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu4.tmp\mcu4.tmp Found mount point : C:\WINDOWS\Temp\mcu40.tmp\mcu40.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu40.tmp\mcu40.tmp Found mount point : C:\WINDOWS\Temp\mcu41.tmp\mcu41.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu41.tmp\mcu41.tmp Found mount point : C:\WINDOWS\Temp\mcu42.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu42.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu43.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu43.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu44.tmp\mcu44.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu44.tmp\mcu44.tmp Found mount point : C:\WINDOWS\Temp\mcu45.tmp\mcu45.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu45.tmp\mcu45.tmp Found mount point : C:\WINDOWS\Temp\mcu46.tmp\mcu46.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu46.tmp\mcu46.tmp Found mount point : C:\WINDOWS\Temp\mcu47.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu47.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu48.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu48.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu49.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu49.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu4A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu4A.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu4B.tmp\mcu4B.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu4B.tmp\mcu4B.tmp Found mount point : C:\WINDOWS\Temp\mcu4C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu4C.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu4D.tmp\mcu4D.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu4D.tmp\mcu4D.tmp Found mount point : C:\WINDOWS\Temp\mcu4E.tmp\mcu4E.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu4E.tmp\mcu4E.tmp Found mount point : C:\WINDOWS\Temp\mcu4F.tmp\mcu4F.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu4F.tmp\mcu4F.tmp Found mount point : C:\WINDOWS\Temp\mcu5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu5.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu50.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu50.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu51.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu51.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu52.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu52.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu53.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu53.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu54.tmp\mcu54.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu54.tmp\mcu54.tmp Found mount point : C:\WINDOWS\Temp\mcu55.tmp\mcu55.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu55.tmp\mcu55.tmp Found mount point : C:\WINDOWS\Temp\mcu56.tmp\mcu56.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu56.tmp\mcu56.tmp Found mount point : C:\WINDOWS\Temp\mcu57.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu57.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu58.tmp\mcu58.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu58.tmp\mcu58.tmp Found mount point : C:\WINDOWS\Temp\mcu59.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu59.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu5A.tmp\mcu5A.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu5A.tmp\mcu5A.tmp Found mount point : C:\WINDOWS\Temp\mcu5B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu5B.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu5C.tmp\mcu5C.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu5C.tmp\mcu5C.tmp Found mount point : C:\WINDOWS\Temp\mcu5D.tmp\mcu5D.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu5D.tmp\mcu5D.tmp Found mount point : C:\WINDOWS\Temp\mcu5E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu5E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu5F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu5F.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu6.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu60.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu60.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu61.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu61.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu62.tmp\mcu62.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu62.tmp\mcu62.tmp Found mount point : C:\WINDOWS\Temp\mcu63.tmp\mcu63.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu63.tmp\mcu63.tmp Found mount point : C:\WINDOWS\Temp\mcu64.tmp\mcu64.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu64.tmp\mcu64.tmp Found mount point : C:\WINDOWS\Temp\mcu65.tmp\mcu65.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu65.tmp\mcu65.tmp Found mount point : C:\WINDOWS\Temp\mcu66.tmp\mcu66.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu66.tmp\mcu66.tmp Found mount point : C:\WINDOWS\Temp\mcu67.tmp\mcu67.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu67.tmp\mcu67.tmp Found mount point : C:\WINDOWS\Temp\mcu68.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu68.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu69.tmp\mcu69.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu69.tmp\mcu69.tmp Found mount point : C:\WINDOWS\Temp\mcu6A.tmp\mcu6A.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu6A.tmp\mcu6A.tmp Found mount point : C:\WINDOWS\Temp\mcu6B.tmp\mcu6B.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu6B.tmp\mcu6B.tmp Found mount point : C:\WINDOWS\Temp\mcu6C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu6C.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu6D.tmp\mcu6D.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu6D.tmp\mcu6D.tmp Found mount point : C:\WINDOWS\Temp\mcu6E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu6E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu6F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu6F.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu7.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu70.tmp\mcu70.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu70.tmp\mcu70.tmp Found mount point : C:\WINDOWS\Temp\mcu71.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu71.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu72.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu72.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu73.tmp\mcu73.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu73.tmp\mcu73.tmp Found mount point : C:\WINDOWS\Temp\mcu74.tmp\mcu74.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu74.tmp\mcu74.tmp Found mount point : C:\WINDOWS\Temp\mcu75.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu75.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu76.tmp\mcu76.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu76.tmp\mcu76.tmp Found mount point : C:\WINDOWS\Temp\mcu77.tmp\mcu77.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu77.tmp\mcu77.tmp Found mount point : C:\WINDOWS\Temp\mcu78.tmp\mcu78.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu78.tmp\mcu78.tmp Found mount point : C:\WINDOWS\Temp\mcu79.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu79.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu7A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu7A.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu7B.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu7B.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu7C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu7C.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu7D.tmp\mcu7D.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu7D.tmp\mcu7D.tmp Found mount point : C:\WINDOWS\Temp\mcu7E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu7E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu7F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu7F.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu8.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu8.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu80.tmp\mcu80.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu80.tmp\mcu80.tmp Found mount point : C:\WINDOWS\Temp\mcu81.tmp\mcu81.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu81.tmp\mcu81.tmp Found mount point : C:\WINDOWS\Temp\mcu82.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu82.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu83.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu83.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu84.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu84.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu85.tmp\mcu85.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu85.tmp\mcu85.tmp Found mount point : C:\WINDOWS\Temp\mcu86.tmp\mcu86.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu86.tmp\mcu86.tmp Found mount point : C:\WINDOWS\Temp\mcu87.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu87.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu88.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu88.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu89.tmp\mcu89.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu89.tmp\mcu89.tmp Found mount point : C:\WINDOWS\Temp\mcu8A.tmp\mcu8A.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu8A.tmp\mcu8A.tmp Found mount point : C:\WINDOWS\Temp\mcu8B.tmp\mcu8B.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu8B.tmp\mcu8B.tmp Found mount point : C:\WINDOWS\Temp\mcu8C.tmp\mcu8C.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu8C.tmp\mcu8C.tmp Found mount point : C:\WINDOWS\Temp\mcu8D.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu8D.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu8E.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu8E.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu8F.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu8F.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu9.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu90.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu90.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu91.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu91.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu92.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu92.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu93.tmp\mcu93.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu93.tmp\mcu93.tmp Found mount point : C:\WINDOWS\Temp\mcu94.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu94.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu95.tmp\mcu95.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu95.tmp\mcu95.tmp Found mount point : C:\WINDOWS\Temp\mcu96.tmp\mcu96.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu96.tmp\mcu96.tmp Found mount point : C:\WINDOWS\Temp\mcu97.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu97.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu98.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu98.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu99.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu99.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu9A.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu9A.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu9B.tmp\mcu9B.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu9B.tmp\mcu9B.tmp Found mount point : C:\WINDOWS\Temp\mcu9C.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu9C.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcu9D.tmp\mcu9D.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu9D.tmp\mcu9D.tmp Found mount point : C:\WINDOWS\Temp\mcu9E.tmp\mcu9E.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu9E.tmp\mcu9E.tmp Found mount point : C:\WINDOWS\Temp\mcu9F.tmp\mcu9F.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcu9F.tmp\mcu9F.tmp Found mount point : C:\WINDOWS\Temp\mcuA0.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuA0.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuA1.tmp\mcuA1.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuA1.tmp\mcuA1.tmp Found mount point : C:\WINDOWS\Temp\mcuA2.tmp\mcuA2.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuA2.tmp\mcuA2.tmp Found mount point : C:\WINDOWS\Temp\mcuA3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuA3.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuA4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuA4.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuA5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuA5.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuA6.tmp\mcuA6.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuA6.tmp\mcuA6.tmp Found mount point : C:\WINDOWS\Temp\mcuA7.tmp\mcuA7.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuA7.tmp\mcuA7.tmp Found mount point : C:\WINDOWS\Temp\mcuA8.tmp\mcuA8.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuA8.tmp\mcuA8.tmp Found mount point : C:\WINDOWS\Temp\mcuA9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuA9.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuAA.tmp\mcuAA.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuAA.tmp\mcuAA.tmp Found mount point : C:\WINDOWS\Temp\mcuAB.tmp\mcuAB.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuAB.tmp\mcuAB.tmp Found mount point : C:\WINDOWS\Temp\mcuAC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuAC.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuAD.tmp\mcuAD.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuAD.tmp\mcuAD.tmp Found mount point : C:\WINDOWS\Temp\mcuAE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuAE.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuAF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuAF.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuB0.tmp\mcuB0.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuB0.tmp\mcuB0.tmp Found mount point : C:\WINDOWS\Temp\mcuB1.tmp\mcuB1.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuB1.tmp\mcuB1.tmp Found mount point : C:\WINDOWS\Temp\mcuB2.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuB2.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuB3.tmp\mcuB3.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuB3.tmp\mcuB3.tmp Found mount point : C:\WINDOWS\Temp\mcuB4.tmp\mcuB4.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuB4.tmp\mcuB4.tmp Found mount point : C:\WINDOWS\Temp\mcuB5.tmp\mcuB5.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuB5.tmp\mcuB5.tmp Found mount point : C:\WINDOWS\Temp\mcuB6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuB6.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuB7.tmp\mcuB7.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuB7.tmp\mcuB7.tmp Found mount point : C:\WINDOWS\Temp\mcuB8.tmp\mcuB8.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuB8.tmp\mcuB8.tmp Found mount point : C:\WINDOWS\Temp\mcuB9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuB9.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuBA.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuBA.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuBB.tmp\vso\en-us\us\us Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuBB.tmp\vso\en-us\us\us Found mount point : C:\WINDOWS\Temp\mcuBB.tmp\vso\winnt\winnt Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuBB.tmp\vso\winnt\winnt Found mount point : C:\WINDOWS\Temp\mcuBC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuBC.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuBD.tmp\mcuBD.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuBD.tmp\mcuBD.tmp Found mount point : C:\WINDOWS\Temp\mcuBE.tmp\mcuBE.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuBE.tmp\mcuBE.tmp Found mount point : C:\WINDOWS\Temp\mcuBF.tmp\mcuBF.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuBF.tmp\mcuBF.tmp Found mount point : C:\WINDOWS\Temp\mcuC.tmp\mcuC.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuC.tmp\mcuC.tmp Found mount point : C:\WINDOWS\Temp\mcuC0.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuC0.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuC1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuC1.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuC2.tmp\mcuC2.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuC2.tmp\mcuC2.tmp Found mount point : C:\WINDOWS\Temp\mcuC3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuC3.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuC4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuC4.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuC5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuC5.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuC6.tmp\mcuC6.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuC6.tmp\mcuC6.tmp Found mount point : C:\WINDOWS\Temp\mcuC7.tmp\mcuC7.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuC7.tmp\mcuC7.tmp Found mount point : C:\WINDOWS\Temp\mcuC8.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuC8.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuC9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuC9.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuCA.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuCA.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuCB.tmp\mcuCB.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuCB.tmp\mcuCB.tmp Found mount point : C:\WINDOWS\Temp\mcuCC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuCC.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuCD.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuCD.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuCE.tmp\mcuCE.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuCE.tmp\mcuCE.tmp Found mount point : C:\WINDOWS\Temp\mcuCF.tmp\mcuCF.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuCF.tmp\mcuCF.tmp Found mount point : C:\WINDOWS\Temp\mcuD.tmp\mcuD.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuD.tmp\mcuD.tmp Found mount point : C:\WINDOWS\Temp\mcuD0.tmp\mcuD0.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuD0.tmp\mcuD0.tmp Found mount point : C:\WINDOWS\Temp\mcuD1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuD1.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuD2.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuD2.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuD3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuD3.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuD4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuD4.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuD5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuD5.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuD6.tmp\mcuD6.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuD6.tmp\mcuD6.tmp Found mount point : C:\WINDOWS\Temp\mcuD7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuD7.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuD8.tmp\mcuD8.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuD8.tmp\mcuD8.tmp Found mount point : C:\WINDOWS\Temp\mcuD9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuD9.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuDA.tmp\mcuDA.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuDA.tmp\mcuDA.tmp Found mount point : C:\WINDOWS\Temp\mcuDB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuDB.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuDC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuDC.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuDD.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuDD.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuDE.tmp\mcuDE.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuDE.tmp\mcuDE.tmp Found mount point : C:\WINDOWS\Temp\mcuDF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuDF.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuE.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuE0.tmp\mcuE0.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuE0.tmp\mcuE0.tmp Found mount point : C:\WINDOWS\Temp\mcuE1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuE1.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuE2.tmp\mcuE2.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuE2.tmp\mcuE2.tmp Found mount point : C:\WINDOWS\Temp\mcuE3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuE3.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuE4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuE4.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuE5.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuE5.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuE6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuE6.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuE7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuE7.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuE8.tmp\mcuE8.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuE8.tmp\mcuE8.tmp Found mount point : C:\WINDOWS\Temp\mcuE9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuE9.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuEA.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuEA.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuEB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuEB.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuEC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuEC.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuED.tmp\mcuED.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuED.tmp\mcuED.tmp Found mount point : C:\WINDOWS\Temp\mcuEE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuEE.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuEF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuEF.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuF.tmp\mcuF.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuF.tmp\mcuF.tmp Found mount point : C:\WINDOWS\Temp\mcuF0.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuF0.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuF1.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuF1.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuF2.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuF2.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuF3.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuF3.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuF4.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuF4.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuF5.tmp\mcuF5.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuF5.tmp\mcuF5.tmp Found mount point : C:\WINDOWS\Temp\mcuF6.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuF6.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuF7.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuF7.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuF8.tmp\mcuF8.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuF8.tmp\mcuF8.tmp Found mount point : C:\WINDOWS\Temp\mcuF9.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuF9.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuFA.tmp\mcuFA.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuFA.tmp\mcuFA.tmp Found mount point : C:\WINDOWS\Temp\mcuFB.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuFB.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuFC.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuFC.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuFD.tmp\mcuFD.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuFD.tmp\mcuFD.tmp Found mount point : C:\WINDOWS\Temp\mcuFE.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuFE.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\mcuFF.tmp\vso\vso Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\mcuFF.tmp\vso\vso Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\RtSigs\Data\Data Found mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor Found mount point : C:\WINDOWS\Temp\UPD101.tmp\UPD101.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\UPD101.tmp\UPD101.tmp Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Finished! |
|
|
|
|
11-04-2009, 08:35 AM
|
#9 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,795
OS: 2000 Pro; XP Pro; XP Home
|
Re: Severe Malware Damage - Critical Laptop
Good job, next steps...
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum. ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
11-04-2009, 12:45 PM
|
#10 (permalink) |
|
Registered User
Join Date: Nov 2009
Posts: 20
OS: windowx xp
|
Re: Severe Malware Damage - Critical Laptop
ComboFix 09-11-04.02 - Michael 11/04/2009 14:19.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.520 [GMT -5:00] Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Michael\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe c:\documents and settings\Allie\ntuser.dll c:\documents and settings\Allie\Start Menu\Programs\Startup\scandisk.dll c:\documents and settings\Allie\Start Menu\Programs\Startup\scandisk.lnk c:\documents and settings\LocalService\ntuser.dll c:\documents and settings\Michael\Local Settings\Temp\Temporary Directory 2 for gmer.zip\gmer.exe c:\documents and settings\Michael\ntuser.dll c:\documents and settings\Michael\Start Menu\Programs\Startup\scandisk.dll c:\documents and settings\Michael\Start Menu\Programs\Startup\scandisk.lnk c:\program files\Shared\lib.dll c:\program files\Shared\lib.sig c:\windows\batmeter16.dll c:\windows\system32\_000013_.tmp.dll c:\windows\system32\~.exe c:\windows\system32\bszip.dll c:\windows\system32\calc.dll c:\windows\system32\WGOrutwa.ini c:\windows\system32\WGOrutwa.ini2 Infected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} ((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 ))))))))))))))))))))))))))))))) . 2009-11-04 19:15 . 2009-11-04 19:15 -------- d-----w- c:\windows\LastGood.Tmp 2009-11-04 00:57 . 2009-11-04 00:57 -------- d-----w- c:\program files\trend micro 2009-11-04 00:57 . 2009-11-04 00:57 -------- d-----w- C:\rsit 2009-11-01 03:14 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-01 03:14 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-01 03:14 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-01 03:14 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-01 03:14 . 2009-11-01 03:14 -------- d-----w- c:\program files\Avira 2009-11-01 03:14 . 2009-11-01 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-01 02:11 . 2009-11-01 02:11 -------- d-----w- c:\program files\Mb 2009-10-26 23:22 . 2009-10-26 23:22 -------- d-----w- c:\documents and settings\Michael\Application Data\Yahoo! 2009-10-26 23:22 . 2009-11-04 01:32 -------- d-----w- c:\documents and settings\Michael\Application Data\HPAppData 2009-10-25 18:23 . 2009-10-25 18:23 -------- d-----w- c:\documents and settings\Tanya\Application Data\WTablet 2009-10-25 18:19 . 2009-10-25 18:19 -------- d--h--w- c:\windows\system32\WLANProfiles 2009-10-25 18:14 . 2009-10-25 18:14 -------- d--h--w- c:\documents and settings\Allie\WLANProfiles 2009-10-25 18:14 . 2009-10-25 18:14 -------- d-----w- C:\WLANProfiles 2009-10-25 18:14 . 2009-10-25 18:14 -------- d-----w- C:\Google 2009-10-25 17:16 . 2009-11-04 10:50 0 ----a-r- c:\windows\win32k.sys 2009-10-23 19:08 . 2009-11-04 19:28 -------- d-----w- c:\program files\Shared . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-04 19:34 . 2008-12-25 19:10 -------- d-----w- c:\documents and settings\Michael\Application Data\WTablet 2009-11-04 10:51 . 2008-12-26 22:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet 2009-11-01 20:37 . 2008-12-29 17:28 -------- d-----w- c:\documents and settings\Allie\Application Data\WTablet 2009-11-01 02:29 . 2008-12-25 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-01 02:27 . 2009-01-13 00:35 -------- d-----w- c:\documents and settings\Allie\Application Data\HPAppData 2009-10-26 23:14 . 2006-04-03 18:21 78464 ----a-w- c:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-25 17:45 . 2008-01-20 21:01 -------- d-----w- c:\program files\Bonjour 2009-10-23 19:02 . 2005-12-20 22:31 -------- d-----w- c:\program files\McAfee 2009-10-17 16:21 . 2006-04-08 21:39 -------- d-----w- c:\documents and settings\Allie\Application Data\AdobeUM 2009-09-25 05:37 . 2004-08-11 23:00 667136 ----a-w- c:\windows\system32\wininet.dll 2009-09-25 05:37 . 2004-08-11 23:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-09-16 14:22 . 2008-12-25 16:55 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-09-16 14:22 . 2008-12-25 16:55 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-09-16 14:22 . 2008-12-25 16:55 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-09-16 14:22 . 2008-06-27 11:08 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-09-16 14:22 . 2008-12-25 16:46 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-09-11 14:18 . 2004-08-11 23:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-26 08:00 . 2004-08-11 23:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-06 23:24 . 2004-08-11 23:12 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 23:24 . 2004-08-11 23:12 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 23:24 . 2004-08-11 23:12 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 23:24 . 2004-08-11 23:12 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-06 23:24 . 2004-08-11 23:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 23:23 . 2004-08-11 23:12 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 23:23 . 2004-08-11 23:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2006-08-18 18:27 . 2006-01-01 14:23 952 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2005-12-20 168448] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-20 26112] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-09-09 8192] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048] "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] c:\documents and settings\Michael\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-26 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-26 113664] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-26 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 12:45 AM 124832] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/31/2009 10:14 PM 108289] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/25/2008 12:02 PM 206096] R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [12/25/2008 2:09 PM 1373480] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBR *Deregistered* - mbr [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder 2008-12-25 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-25 16:22] 2009-11-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-25 16:22] 2009-11-04 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-21 02:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig/dell?hl=en mStart Page = hxxp://www.dell.com uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: musicmatch.com\online . - - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe AddRemove-BFG-Cake Mania 3 - c:\program files\Cake Mania 3\Uninstall.exe AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742} ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-04 14:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1004) c:\windows\system32\Ati2evxx.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - - > 'explorer.exe'(4664) c:\program files\McAfee\SiteAdvisor\saHook.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe c:\windows\system32\Ati2evxx.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\progra~1\McAfee\VIRUSS~1\mcshield.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\McAfee\MPF\MPFSrv.exe c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe c:\program files\Apoint\Apntex.exe c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe c:\program files\McAfee\MSK\MskSrver.exe c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe c:\windows\system32\PSIService.exe c:\program files\Digital Line Detect\DLG.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\HP\Digital Imaging\bin\hpqtra08.exe c:\windows\system32\WTablet\Wacom_TabletUser.exe c:\windows\system32\wdfmgr.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Completion time: 2009-11-04 14:41 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-04 19:41 Pre-Run: 25,258,762,240 bytes free Post-Run: 27,414,421,504 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect |
|
|
|
|
11-04-2009, 12:50 PM
|
#11 (permalink) | |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,795
OS: 2000 Pro; XP Pro; XP Home
|
Re: Severe Malware Damage - Critical Laptop
That should improve things greatly.
We need to address something else, now that I can see more detailed information. As stated in our pre-posting sticky topic... NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help Quote:
I see you have more than one Anti-Virus program installed, Avira and McAfee. Choose one to keep and uninstall the other. Any antivirus program must be removed via add/remove program. For any program that doesn't have an add/remove entry, you will have to do this: re-install the program -> reboot -> uninstallShould you choose to uninstall McAfee, also run this McAfee Removal tool Download the McAfee Removal Tool. Double click on MCPR.exe to launch it, then Click Run. A window should appear and disappear, this is normal. A new window should popup and begin the uninstall. When prompted to reboot your computer type Y. ----------------------------------------------------------------------- Once you've done that, try to download a fresh copy of DDS, run it and post the logs.  Download DDS and save it to your desktop from here, here or here. Disable any script blocker, and then double click dds to run the tool.
Please include the following logs in your thread:
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
|
11-04-2009, 05:58 PM
|
#12 (permalink) |
|
Registered User
Join Date: Nov 2009
Posts: 20
OS: windowx xp
|
Re: Severe Malware Damage - Critical Laptop
DDS (Ver_09-10-26.01) - NTFSx86
Run by Michael at 19:48:16.09 on Wed 11/04/2009 Internet Explorer: 6.0.2900.5512 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.404 [GMT -5:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\PSIService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Documents and Settings\Michael\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ig/dell?hl=en mStart Page = hxxp://www.dell.com uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup StartupFolder: c:\docume~1\michael\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: musicmatch.com\online DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230218337875 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll ============= SERVICES / DRIVERS =============== R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-25 206096] R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-25 1373480] =============== Created Last 30 ================ 2009-11-04 19:13:32 0 d-sha-r- C:\cmdcons 2009-11-04 19:10:24 77312 ----a-w- c:\windows\MBR.exe 2009-11-04 19:10:24 267264 ----a-w- c:\windows\PEV.exe 2009-11-04 19:10:23 98816 ----a-w- c:\windows\sed.exe 2009-11-04 19:10:23 161792 ----a-w- c:\windows\SWREG.exe 2009-11-04 19  29 0 d-----w- C:\ComboFix2009-11-04 00:57:19 0 d-----w- c:\program files\trend micro 2009-11-01 03:14:45 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-01 02:11:00 0 d-----w- c:\program files\Mb 2009-10-31 18:43:10 54156 ---ha-w- c:\windows\QTFont.qfn 2009-10-31 18:43:10 1409 ----a-w- c:\windows\QTFont.for 2009-10-26 23:14:23 0 ----a-w- c:\documents and settings\michael\Ÿ9Ÿ9 2009-10-25 18:19:08 0 d--h--w- c:\windows\system32\WLANProfiles 2009-10-25 18:14:31 0 d-----w- C:\WLANProfiles 2009-10-25 18:14:31 0 d-----w- C:\Google 2009-10-25 17:16:21 0 ----a-r- c:\windows\win32k.sys 2009-10-23 19:08:55 0 d-----w- c:\program files\Shared ==================== Find3M ==================== 2009-09-25 05:37:11 667136 ------w- c:\windows\system32\wininet.dll 2009-09-25 05:37:11 667136 ------w- c:\windows\system32\dllcache\wininet.dll 2009-09-25 05:37:11 627712 ------w- c:\windows\system32\dllcache\urlmon.dll 2009-09-25 05:37:10 3070976 ------w- c:\windows\system32\dllcache\mshtml.dll 2009-09-25 05:37:10 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll 2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-09-25 05:37:09 81920 ------w- c:\windows\system32\dllcache\ieencode.dll 2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll 2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll 2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll 2009-08-13 15:16:05 512000 ------w- c:\windows\system32\dllcache\jscript.dll 2006-08-18 18:27:41 952 --sha-w- c:\windows\system32\KGyGaAvL.sys ============= FINISH: 19:49:23.01 =============== |
|
|
|
|
11-04-2009, 07:34 PM
|
#13 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,795
OS: 2000 Pro; XP Pro; XP Home
|
Re: Severe Malware Damage - Critical Laptop
Looking much better.
Before we continue, a couple of questions... You mentioned lack of internet access on this machine in your initial post. Has that been resolved? It would seem so, as it appears ComboFix was able to download and install the Recovery Console during it's run. Next, is there more than one user account on this machine? Or is the account named Michael the only user account?
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
11-05-2009, 05:25 PM
|
#15 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,795
OS: 2000 Pro; XP Pro; XP Home
|
Re: Severe Malware Damage - Critical Laptop
Ok, great...next steps.
Ooutdated Java: Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: Java 2 Runtime Environment, SE v1.4.2_03 Java(TM) SE Runtime Environment 6 These are all outdated, and security risks by having them installed still. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Java(TM) 6 Update 11 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. Going forward, Java will overwrite existing installs, so removing older versions should not be required after this. Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
--------------------------------------------------------------------------------------------- I see you have Malwarebytes' AntiMalware installed. Please update it's definitions, and run a new Quick Scan.
--------------------------------------------------------------------------------------------- Please perform this online scan to help look for remnants. This scan will take a good while, but it's very thorough. Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner **Note** To optimize scanning time and produce a more sensible report for review:
Click Accept, when prompted to download and install the program files and database of malware definitions.
--------------------------------------------------------------------------------------------- Let me know how the machine is behaving. Also, please post a DDS log from the user accounts not named Michael.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
11-06-2009, 04:40 AM
|
#16 (permalink) |
|
Registered User
Join Date: Nov 2009
Posts: 20
OS: windowx xp
|
Re: Severe Malware Damage - Critical Laptop
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report Friday, November 6, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Friday, November 06, 2009 00:54:30 Records in database: 3145590 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: no Scan area - My Computer: C:\ D:\ Z:\ Scan statistics: Objects scanned: 110932 Threats found: 3 Infected objects found: 9 Suspicious objects found: 0 Scan duration: 01:58:53 File name / Threat / Threats count C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1 C:\Qoobox\Quarantine\C\Documents and Settings\Allie\ntuser.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Allie\Start Menu\Programs\Startup\scandisk.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Michael\ntuser.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\Documents and Settings\Michael\Start Menu\Programs\Startup\scandisk.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.dll.vir Infected: Packed.Win32.Krap.ah 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Infected: Trojan.Win32.Sirefef.a 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Packed.Win32.Krap.ah 1 Selected area has been scanned. |
|
|
|
|
11-06-2009, 04:43 AM
|
#17 (permalink) |
|
Registered User
Join Date: Nov 2009
Posts: 20
OS: windowx xp
|
Re: Severe Malware Damage - Critical Laptop
My user account seems to be working - my daughter's account still has no internet connectivity via wireless ( have notchecked LAN)
Errors switching users "ntuser.dll module could not be found" Malwarebytes will not run - mising DLL message - tried re-installing it - no luck. CAn I use the same DDS that was already downloaded onto my deskto to check her's? |
|
|
|
|
11-06-2009, 09:07 AM
|
#18 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,795
OS: 2000 Pro; XP Pro; XP Home
|
Re: Severe Malware Damage - Critical Laptop
Yes, you can use the same DDS on that account if you can transfer it from one account to the other from within Windows. Otherwise, transfer it to her account using a USB flash drive.
It would also be a good idea to check LAN connection.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
| Thread Tools | |
|
|
