#1 (permalink) |
|
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Hello,
To begin, I understand that I did not post the DDS and GMER logs. I downloaded both of these programs, but none of them will stay open. The DDS script will show a black prompt screen, and then close in less than 2 seconds. However, sometimes but very rarely, it will open and show the prompt, but will not go past that, and then about 2 minutes later will close. For the GMER program, it will open, I unchecked what I was told, and press scan. It will scan about 5 things, and then Windows comes up with a prompt that the program had an unexpected error and crashed. What am I supposed to do since both of these programs will not run?

My computer is severely infected. Just recently, my AVG FREE Edition virus scanner popped up with all of these multiple virus alerts. I press the option to remove and heal all, and nothing goes through. The viruses keep coming back. I have tried downloading Spybot S&D and after updating the definitions, it closes out, I click the icon to open it again and it says the file is missing or I do not have access privileges to it. Also, it is very hard to get to websites because I keep getting redirected to different sites!

Someone please help me! I have even tried to do a system restore to an earlier date and that did not seem to do the trick! Any help would be greatly appreciated! Thanks!

#2 (permalink) |
|
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hello,
Just this morning I was searching the forum and noticed someone had luck with running DDS and GMER by putting them on a CD and running it from there. I tried this with no success. DDS still closes after about 2 seconds, and GMER runs about 30 seconds and the program needs to shut down every time after scanning \Device\HarddiskVolumeShadowCopy1.

Also, I forgot to post in the first post, I have Windows Vista. Someone please help my poor computer =( Thanks.

Last edited by shyguy; 10-06-2009 at 12:09 PM.

#3 (permalink) |
|
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
I had somewhat of a success with the GMER application running in Safe Mode, but after an hour of running the program closed out unexpectedly and I could not save the part of the log file that did scan before the program terminated.
Someone please help me, my computer is getting worse and worse by the hour. Thanks.

#4 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hello shyguy,
#5 (permalink) |
|
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Thank you for your reply!
This is my second time writing this since my computer just gave me the blue crash screen and restarted =/

As of right now, there were only 4 that just popped up. However, usually there is a list of 15-20 of them! The four that just popped up are all listed under: Spyware Generic.CE

Here are the names of them:

\\?\globalroot\Device\__max++>\15FE6ED6.x86.dll
C:\Windows\explorer.exe (496) or I will get C:\Windows\explorer.exe (300)
\\?\globalroot\Device\__max++>\9A27F765.x86.dll
C:\Program Files\Mozilla Firefox\firefox.exe (3524)

I try to remove these using AVG and it does nothing! Please help! Once again, thank you for your reply!

#6 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
That is of great help, thank you.
Please save this file to your desktop. Click Start->Run, and copy-paste the following bolded text into the Run box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop, which I shall need to see in your next reply.

===========================================

Download rsit.exe and save it to your desktop.

#7 (permalink) |
|
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hello,
I was able to run the Win32kDiag program. I will list the results from it below. However, the RSIT ran, I accepted the agreement, TrendMicro HijackThis! asked me to accept their agreement, and then after that the program stopped. I went to open it back up and it says:

C:\Users\(myname)\Desktop\RSIT.exe - Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

What is going on with the RSIT program?

Below is the log for Win32kDiag

#8 (permalink) |
|
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Sorry for another post, but I found log.txt in the C:\rsit folder. I opened it and it looks incomplete, but I will post what came from it anyways, maybe it will help you help me =)
Logfile of random's system information tool 1.06 (written by random/random) Run by Trevor Bayless at 2009-10-07 15:16:25 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 167 GB (74%) free of 227 GB Total RAM: 2037 MB (47% free) ======Scheduled tasks folder====== C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job C:\Windows\tasks\Uniblue SpeedUpMyPC.job C:\Windows\tasks\User_Feed_Synchronization-{6B670DA9-26F4-40B3-97F4-A76AC01FE9C3}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] HP Print Clips - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-24 1111320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser 
Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-28 141848] "Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-28 137752] "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-30 159744] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712] "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184] "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-24 2007832] "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [] "UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-06-13 210216] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 
2260480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] C:\Program Files\DNA\btdna.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\SideBar.exe [2008-01-20 1233920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25604904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] f:\steam\steam.exe -silent [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-06-13 210216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 2000 Series.lnk] C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2007-08-20 200704] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoResolveSearch"=1 "NoResolveTrack"=1 "NoDriveTypeAutoRun"=157 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink" "F:\BitTorrent\bittorrent.exe"="F:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-10-07 15:05:52 ----D---- C:\rsit 2009-10-07 15:05:52 ----D---- C:\Program 
Files\trend micro 2009-10-07 14:55:43 ----D---- C:\e1427500a4da8f2d3058 2009-10-06 00:57:03 ----A---- C:\Windows\system32\aswBoot.exe 2009-10-06 00:57:00 ----D---- C:\Program Files\Alwil Software 2009-10-05 23 10 ----A---- C:\Windows\ntbtlog.txt2009-10-05 22:46:35 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-10-05 20:48:05 ----D---- C:\Program Files\SUPERAntiSpyware 2009-10-05 15:43:37 ----D---- C:\ProgramData\SITEguard 2009-10-05 15:42:33 ----D---- C:\ProgramData\STOPzilla! 2009-10-05 15:42:33 ----D---- C:\Program Files\Common Files\iS3 2009-10-05 12:37:10 ----D---- C:\ProgramData\WindowsSearch 2009-10-04 00:38:49 ----D---- C:\Program Files\Hide My IP 2009 2009-10-02 14:23:10 ----D---- C:\ProgramData\SUPERAntiSpyware.com 2009-10-02 14:22:09 ----D---- C:\Users\Trevor Bayless\AppData\Roaming\SUPERAntiSpyware.com 2009-09-30 02:56:02 ----RSHD---- C:\RESTORE 2009-09-16 03:46:00 ----D---- C:\Program Files\Mozilla Thunderbird 3.0 Beta 3 2009-09-08 21:21:56 ----A---- C:\Windows\system32\TCPSVCS.EXE 2009-09-08 21:21:56 ----A---- C:\Windows\system32\ROUTE.EXE 2009-09-08 21:21:56 ----A---- C:\Windows\system32\NETSTAT.EXE 2009-09-08 21:21:56 ----A---- C:\Windows\system32\netiohlp.dll 2009-09-08 21:21:56 ----A---- C:\Windows\system32\netevent.dll 2009-09-08 21:21:56 ----A---- C:\Windows\system32\MRINFO.EXE 2009-09-08 21:21:56 ----A---- C:\Windows\system32\HOSTNAME.EXE 2009-09-08 21:21:56 ----A---- C:\Windows\system32\finger.exe 2009-09-08 21:21:56 ----A---- C:\Windows\system32\ARP.EXE 2009-09-08 21:20:56 ----A---- C:\Windows\system32\jscript.dll 2009-09-08 21:20:56 ----A---- C:\Windows\system32\jscript(377).dll 2009-09-08 21:18:52 ----A---- C:\Windows\system32\wlansvc.dll 2009-09-08 21:18:52 ----A---- C:\Windows\system32\wlansec.dll 2009-09-08 21:18:52 ----A---- C:\Windows\system32\wlanmsm.dll 2009-09-08 21:18:52 ----A---- C:\Windows\system32\L2SecHC.dll 2009-09-08 21:18:17 ----A---- C:\Windows\system32\WMVCORE.DLL 2009-09-08 21:18:17 ----A---- 
C:\Windows\system32\mf.dll ======List of files/folders modified in the last 1 months====== 2009-10-07 15:16:33 ----D---- C:\Windows\Prefetch 2009-10-07 15:16:25 ----D---- C:\Windows\Temp 2009-10-07 15:07:26 ----D---- C:\Program Files\Mozilla Firefox 2009-10-07 15:05:52 ----D---- C:\Program Files 2009-10-07 15:03:11 ----HD---- C:\Windows\PIF 2009-10-07 15:03:11 ----D---- C:\Windows\SchCache 2009-10-07 15:03:11 ----D---- C:\Windows\ModemLogs 2009-10-07 15:03:11 ----D---- C:\Windows\LiveKernelReports 2009-10-07 14:55:14 ----SHD---- C:\System Volume Information 2009-10-07 00:54:49 ----HD---- C:\$AVG8.VAULT$ 2009-10-06 16:08:45 ----D---- C:\Windows\System32 2009-10-06 16:08:45 ----D---- C:\Windows\inf 2009-10-06 16:08:45 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-10-06 00:57:26 ----D---- C:\Windows\system32\drivers 2009-10-05 23 10 ----D---- C:\Windows2009-10-05 23:03:00 ----D---- C:\ProgramData\Spybot - Search & Destroy 2009-10-05 22:45:05 ----D---- C:\Windows\system32\catroot2 2009-10-05 22:15:09 ----D---- C:\Windows\system32\Tasks 2009-10-05 22:08:51 ----D---- C:\Users\Trevor Bayless\AppData\Roaming\FUJIFILM 2009-10-05 21:56:23 ----SHD---- C:\Windows\Installer 2009-10-05 21:46:03 ----D---- C:\Windows\Temp2 2009-10-05 21:46:00 ----D---- C:\Windows\Globalization 2009-10-05 21:45:26 ----D---- C:\Windows\system32\wbem 2009-10-05 21:44:18 ----D---- C:\Windows\system32\config 2009-10-05 21:43:56 ----D---- C:\Windows\system32\oobe 2009-10-05 21:43:56 ----D---- C:\Windows\system32\com 2009-10-05 21:43:56 ----D---- C:\Windows\servicing 2009-10-05 21:43:56 ----D---- C:\Windows\MSAgent 2009-10-05 21:43:56 ----D---- C:\Windows\ehome 2009-10-05 21:43:56 ----D---- C:\Windows\AppPatch 2009-10-05 21:43:56 ----D---- C:\Program Files\Windows Sidebar 2009-10-05 21:43:56 ----D---- C:\Program Files\Windows Photo Gallery 2009-10-05 21:43:56 ----D---- C:\Program Files\Windows Media Player 2009-10-05 21:43:56 ----D---- C:\Program Files\Windows Mail 2009-10-05 21:43:56 ----D---- 
C:\Program Files\Windows Journal 2009-10-05 21 |
|
|
|
|
#9 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT - Save ComboFix.exe to your Desktop
====================================================
Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.
====================================================
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review. |
|
|
|
|
#10 (permalink) |
|
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
I ran the ComboFix and it came up saying that my computer needs to restart due to Rootkit activity. Here is the log file below! Thanks!
ComboFix 09-10-06.04 - Trevor Bayless 10/07/2009 22:24.1.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1084 [GMT -5:00] Running from: c:\users\Trevor Bayless\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-103216097-1355467055-1198146282-500 c:\$recycle.bin\S-1-5-21-647792776-3175287783-1131343854-500 c:\programdata\ntuser.dat{53c04641-7a01-11dd-be1e-001eec68662f}.TMContainer00000000000000000001.regtrans-ms c:\programdata\ntuser.dat{b0322889-aff3-11de-b62d-001eec68662f}.TMContainer00000000000000000001.regtrans-ms C:\restore c:\users\Trevor Bayless\Documents\reg backup.reg c:\windows\Installer\3b7fb0.msi c:\windows\Installer\6b285.msi c:\windows\Installer\953ee.msi c:\windows\system32\AutoRun.inf c:\windows\system32\KBL.LOG Infected copy of c:\windows\System32\drivers\iaStor.sys was found and disinfected Kitty ate it :) Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 ))))))))))))))))))))))))))))))) . 2009-10-07 20:05 . 2009-10-08 00:17 -------- d-----w- c:\program files\trend micro 2009-10-07 20:05 . 
2009-10-07 20:05 -------- d-----w- C:\rsit 2009-10-06 05:57 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-10-06 05:57 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-10-06 05:57 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-10-06 05:57 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-10-06 05:57 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-10-06 05:57 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-10-06 05:57 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2009-10-06 05:57 . 2009-10-06 05:57 -------- d-----w- c:\program files\Alwil Software 2009-10-06 03:46 . 2009-10-06 03:53 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-06 02:45 . 2009-10-08 02:58 0 ----a-r- c:\windows\win32k.sys 2009-10-06 01:48 . 2009-10-06 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-10-05 20:43 . 2009-10-05 21:00 -------- d-----w- c:\programdata\SITEguard 2009-10-05 20:42 . 2009-10-06 00:41 -------- d-----w- c:\programdata\STOPzilla! 2009-10-05 20:42 . 2009-10-05 20:42 -------- d-----w- c:\program files\Common Files\iS3 2009-10-05 17:37 . 2009-10-05 17:37 -------- d-----w- c:\programdata\WindowsSearch 2009-10-04 05:38 . 2009-10-06 00:43 -------- d-----w- c:\program files\Hide My IP 2009 2009-10-02 19:23 . 2009-10-02 19:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2009-10-02 19:22 . 2009-10-02 19:22 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\SUPERAntiSpyware.com 2009-09-16 08:46 . 2009-10-08 02:51 -------- d-----w- c:\program files\Mozilla Thunderbird 3.0 Beta 3 2009-09-09 02:21 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-09-09 02:21 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll 2009-09-09 02:21 . 
2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll 2009-09-09 02:21 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-09-09 02:21 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-09-09 02:21 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-09-09 02:21 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-09-09 02:21 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-09-09 02:21 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-09-09 02:21 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe 2009-09-09 02:20 . 2009-06-04 12:33 512000 ----a-w- c:\windows\system32\jscript(377).dll 2009-09-09 02:18 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll 2009-09-09 02:18 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll 2009-09-09 02:18 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll 2009-09-09 02:18 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll 2009-09-09 02:18 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-08 03:01 . 2008-07-03 05:26 -------- d-----w- c:\programdata\avg8 2009-10-06 04:10 . 2008-09-25 20:17 1356 ----a-w- c:\users\Trevor Bayless\AppData\Local\d3d9caps.dat 2009-10-06 04:03 . 2009-04-02 05:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-10-06 03:08 . 2009-05-04 00:54 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\FUJIFILM 2009-10-04 00:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild 2009-10-03 08:26 . 2008-09-05 06:48 262144 ----a-w- c:\programdata\ntuser.dat 2009-10-02 19:53 . 2009-03-26 19:37 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\Skype 2009-10-02 18:53 . 
2009-03-26 19:39 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\skypePM 2009-09-30 08:27 . 2005-04-08 02:16 1447 ---ha-w- c:\users\Trevor Bayless\AppData\Roaming\logs.dat 2009-09-17 07:05 . 2008-02-27 07:59 -------- d-----w- c:\programdata\HP 2009-09-17 07:02 . 2009-03-03 21:50 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-09-17 07:02 . 2009-08-17 21:52 -------- d-----r- c:\program files\Skype 2009-09-17 07:02 . 2008-09-05 07:34 -------- d-----w- c:\program files\Common Files\AOL 2009-09-16 09:06 . 2009-03-03 21:51 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\Thunderbird 2009-09-09 04:05 . 2009-06-27 03:28 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-28 12:39 . 2009-09-02 04:12 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 10:15 . 2009-09-02 04:12 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-26 06:05 . 2009-08-26 06:05 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\OverDrive 2009-08-24 15:27 . 2008-07-03 05:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-08-24 15:27 . 2008-07-03 05:26 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-08-24 15:27 . 2008-07-03 05:26 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-08-17 21:52 . 2009-08-17 21:52 -------- d-----w- c:\program files\Common Files\Skype 2009-08-17 21:52 . 2009-03-26 19:37 -------- d-----w- c:\programdata\Skype 2009-08-15 05:51 . 2009-08-15 05:49 116891 ----a-w- c:\windows\hpqins00.dat 2009-08-14 18:04 . 2009-07-24 22:53 -------- d-----w- c:\program files\AIM 2009-07-22 18:29 . 2008-09-23 06:58 16 ----a-w- c:\windows\popcinfo.dat 2009-07-18 16:06 . 2009-07-29 06:10 827904 ----a-w- c:\windows\system32\wininet.dll 2009-07-18 16:01 . 2009-07-29 06:10 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-07-18 09:46 . 2009-07-29 06:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-17 14:35 . 2009-08-14 06:36 71680 ----a-w- c:\windows\system32\atl.dll 2009-07-14 13:00 . 
2009-08-14 06:35 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-14 12:59 . 2009-08-14 06:35 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-07-14 12:58 . 2009-08-14 06:35 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-07-14 10:59 . 2009-08-14 06:35 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2008-06-29 03:09 . 2008-06-29 03:09 22 --sha-w- c:\windows\SMINST\HPCD.sys . ------- Sigcheck ------- [-] 2009-06-05 . 5B8AB8E9F38BC52ECD183B099093C2BD . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll [7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "SpybotSD TeaTimer"="c:\program files\Spybot - 
Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-24 2007832] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start 
Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 2000 Series.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 2000 Series.lnk backup=c:\windows\pss\hp psc 2000 Series.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-647792776-3175287783-1131343854-1000] "EnableNotificationsRef"=dword:00000006 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{09EF94DC-ACB8-4E2D-B74E-8A2BD7C9154D}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{9D6B7519-1520-48FB-AF26-18D4E4DDEB8C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{5E66FD85-E4DD-4282-A960-63A599574477}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CB8E5433-1536-41EA-9D39-63612E2C6842}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{DC8556BE-7202-420F-B169-40E21FAF90A1}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{152A25A7-DCB2-4DE9-8C34-5C9FCC4F3497}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{2A1A24FA-B14A-4329-987E-390D55A05FCC}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{01CA4C70-B84A-412A-A500-A0FEE55BAFDA}"= UDP:c:\program files\earthlink 
totalaccess\TaskPanl.exe:taskpanl "{B3CF36D9-405C-4A85-A083-EAD92E2B16C1}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{70C37D40-BB13-4C3F-9637-F9C08D8EBAED}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{07F0ED00-9FD9-4691-ACF1-14513B50A265}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{021C9578-BA60-4F5E-A957-17ED31D3C026}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{3082ECD7-67DC-49EC-9FCE-473475CA9259}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{3FE1AF5A-A07E-4DEA-8ED8-98BB2BCD43C4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{BD4CCCDF-1332-42FA-8E64-155701707D0B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{0FA89841-FBD7-49B2-AF7C-24253B3BDA0F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{D5EA77CD-B99A-4C6A-AE08-1BF60C89D81C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe "{7B08A8AE-EAB7-4FD6-8996-47F204EEE988}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent "{6E362EB1-6B27-4A55-92BA-077C2AF61511}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent "{EDBB261C-1ADF-4307-8766-FC3B5A24D4CB}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{DDE17F3A-1F0A-453B-8ABC-0842E6503951}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{C2D94599-7E52-4EF7-8C4F-6CF81AC85CEC}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{3D0032B9-1A37-4DFA-AB2F-475BEED93AB1}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{922B940E-E346-490A-ACCB-71B55CCBAB00}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{FD2EBE91-4667-4103-BB89-B4156177D765}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{D866D414-1178-49A6-AF19-0AD27C35E0B3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{1710736E-09BF-42C2-B824-3E76C319C704}"= UDP:f:\bittorrent\bittorrent.exe:BitTorrent (TCP-In) 
"{A686EE68-DA30-46CB-80E1-E8C640E028F4}"= TCP:f:\bittorrent\bittorrent.exe:BitTorrent (UDP-In) "{56A85505-CFFE-4E00-A610-71CB0AACF40D}"= UDP:c:\program files\AIM6\aim6.exe:AIM "{4FA1FF4C-D3ED-4613-808F-F1870BEA2B94}"= TCP:c:\program files\AIM6\aim6.exe:AIM "TCP Query User{37D7C7D4-3FEC-49AB-B017-18212ED9BB74}c:\\program files\\napster\\napster.exe"= UDP:c:\program files\napster\napster.exe:Napster "UDP Query User{8EEEAF88-A9D2-493E-916F-515088E1441C}c:\\program files\\napster\\napster.exe"= TCP:c:\program files\napster\napster.exe:Napster "{E417E465-9F8B-48E1-93CD-8BD5191542E3}"= UDP:c:\program files\DNA\btdna.exe:DNA "{14DC4610-8F79-4EF7-8D7E-CDD9268A5BB2}"= TCP:c:\program files\DNA\btdna.exe:DNA "{7C7C91D7-30DA-4D0F-A7D8-8A8545C7EA2C}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In) "{A524930D-FA8F-4596-83C2-8851F4742827}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In) "TCP Query User{E45B1A7D-705C-477C-8E68-3CA89154C233}f:\\steam\\steamapps\\blindmelon3\\counter-strike source\\hl2.exe"= UDP:f:\steam\steamapps\blindmelon3\counter-strike source\hl2.exe:hl2 "UDP Query User{33894ABA-E39E-40A0-A64B-3EFC0A877D24}f:\\steam\\steamapps\\blindmelon3\\counter-strike source\\hl2.exe"= TCP:f:\steam\steamapps\blindmelon3\counter-strike source\hl2.exe:hl2 "{41683363-C377-49AB-AD24-0EAFB3ECC821}"= UDP:f:\itunes\iTunes.exe:iTunes "{7091C9B6-F264-4784-856E-2E2E2EFB2050}"= TCP:f:\itunes\iTunes.exe:iTunes "{18FD4490-FECE-4955-8A49-4EB3EDC276AC}"= c:\program files\Skype\Phone\Skype.exe:Skype "{F6780EFF-547D-46E5-93DE-7FB665E10454}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{6B7CC463-ED71-445C-A7DF-094443C14C7E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{2E817718-78B6-4F97-9E6C-7302254DB101}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{5D62AA80-255B-432B-9191-ED77FFD1C6E7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{CA7008FC-072D-45EB-971C-6FF9A13F6CDB}"= UDP:c:\program files\AIM6\aim.exe:AIM 
"{50C9694E-F9AB-440A-8782-837A0FC6061B}"= TCP:c:\program files\AIM6\aim.exe:AIM "{A5A01A53-36AA-4E3F-9927-91C638A85A2C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{7B6D4116-9214-4637-A6C3-91A0F00793EC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{8DBE5D37-8513-46E8-80EF-773D4B42AC3B}"= UDP:c:\program files\AIM\aim.exe:AIM "{57872C5F-EBBF-4C15-8F24-17B2C00F67F8}"= TCP:c:\program files\AIM\aim.exe:AIM [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink "f:\\BitTorrent\\bittorrent.exe"= f:\bittorrent\bittorrent.exe:*:Enabled:BitTorrent "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/6/2009 12:57 AM 114768] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7/3/2008 12:26 AM 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1/28/2009 9:07 AM 108552] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/6/2009 12:57 AM 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/6/2009 12:57 AM 53328] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/25/2009 10:54 AM 908056] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/25/2009 10:54 AM 297752] R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808] S2 SBSDWSCService;SBSD Security Center Service;f:\spybot - search & destroy\Spybot - Search & Destroy\SDWinSec.exe --> f:\spybot - search & destroy\Spybot - Search & Destroy\SDWinSec.exe [?] 
S3 MovRVDrv32;MovRVDrv32;c:\windows\System32\drivers\MovRVDrv32.sys [9/21/2008 3:23 PM 3768] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}] c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder 2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{6B670DA9-26F4-40B3-97F4-A76AC01FE9C3}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Trevor Bayless\AppData\Roaming\Mozilla\Firefox\Profiles\3uu6ctf3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla 
Firefox\plugins\npdnupdater2.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false. - - - - ORPHANS REMOVED - - - - HKLM-Run-QlbCtrl - c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\f*P%,%Z%k%] "Successes"=dword:e0000000 "Failures"=dword:e0000001 "{2ECA5146-EAD9-49DC-B3F2-40B20013E605}"=hex:00,18,39,e9,71,1a,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . 
c:\windows\System32\audiodg.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\System32\drivers\XAudio.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE c:\windows\System32\igfxsrvc.exe c:\program files\AVG\AVG8\avgtray.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\Apoint2K\ApMsgFwd.exe c:\windows\ehome\ehmsas.exe c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe c:\program files\Apoint2K\ApntEx.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe . ************************************************************************** . Completion time: 2009-10-08 22:40 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-08 03:40 Pre-Run: 174,799,912,960 bytes free Post-Run: 174,574,010,368 bytes free 329 --- E O F --- 2009-10-07 20:08 |
#11 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hi shyguy,
Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Open notepad and copy/paste the text in the code box below into it:

Quote:
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************

![]()

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, post the C:\ComboFix.txt

-----------------------------------------------

I am seeing 2 Anti Virus programs installed - AVG and Avast. It's never a good idea to have more than 1 AV installed at a given time. You'll need to choose which one you want to keep and uninstall the other via the Add or Remove programs panel.

Can you access those Anti Virus programs, or are you still getting 'access denied' messages for those? |
#12 (permalink) |
|
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Thanks for your quick reply. As far as the Anti Virus programs go, it would not let me uninstall normally in regular mode, therefore I had to use Safe Mode and uninstall Avast. When I rebooted, my AVG will not let me in, it keeps saying 'Access denied', as do MANY files I try opening on my computer. I have the RSIT.exe on my desktop, and it will not let me delete it because it keeps saying: Windows cannot access, you may not have the appropriate permissions to access the item. I did run the ComboFix again by putting the ComboFix.txt in it. Here is the outcome below:
ComboFix 09-10-06.04 - Trevor Bayless 10/08/2009 0:05.2.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1020 [GMT -5:00] Running from: c:\users\Trevor Bayless\Downloads\ComboFix.exe Command switches used :: c:\users\Trevor Bayless\Desktop\CFScript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . --------------- FCopy --------------- c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll --> c:\windows\System32\shsvcs.dll . ((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 ))))))))))))))))))))))))))))))) . 2009-10-08 05:10 . 2009-10-08 05:10 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-10-08 05:10 . 2009-10-08 05:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-10-08 03:32 . 2009-10-08 05:11 -------- d-----w- c:\users\Trevor Bayless\AppData\Local\temp 2009-10-07 20:05 . 2009-10-08 00:17 -------- d-----w- c:\program files\trend micro 2009-10-07 20:05 . 2009-10-07 20:05 -------- d-----w- C:\rsit 2009-10-06 05:57 . 2009-10-06 05:57 -------- d-----w- c:\program files\Alwil Software 2009-10-06 03:46 . 2009-10-08 04:40 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-06 02:45 . 2009-10-08 02:58 0 ----a-r- c:\windows\win32k.sys 2009-10-06 01:48 . 2009-10-06 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-10-05 20:43 . 2009-10-05 21:00 -------- d-----w- c:\programdata\SITEguard 2009-10-05 20:42 . 2009-10-06 00:41 -------- d-----w- c:\programdata\STOPzilla! 2009-10-05 20:42 . 2009-10-05 20:42 -------- d-----w- c:\program files\Common Files\iS3 2009-10-05 17:37 . 2009-10-05 17:37 -------- d-----w- c:\programdata\WindowsSearch 2009-10-04 05:38 . 2009-10-06 00:43 -------- d-----w- c:\program files\Hide My IP 2009 2009-10-02 19:23 . 
2009-10-02 19:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2009-10-02 19:22 . 2009-10-02 19:22 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\SUPERAntiSpyware.com 2009-09-16 08:46 . 2009-10-08 03:57 -------- d-----w- c:\program files\Mozilla Thunderbird 3.0 Beta 3 2009-09-09 02:21 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-09-09 02:21 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll 2009-09-09 02:21 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll 2009-09-09 02:21 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-09-09 02:21 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-09-09 02:21 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-09-09 02:21 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-09-09 02:21 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-09-09 02:21 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-09-09 02:21 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe 2009-09-09 02:20 . 2009-06-04 12:33 512000 ----a-w- c:\windows\system32\jscript(377).dll 2009-09-09 02:18 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll 2009-09-09 02:18 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll 2009-09-09 02:18 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll 2009-09-09 02:18 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll 2009-09-09 02:18 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-08 04:37 . 2009-04-02 05:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-10-08 04:36 . 2009-04-30 08:13 -------- d-----w- c:\programdata\{B912DA22-7AAD-474B-8C8F-D82FF0C33BF5} 2009-10-06 04:10 . 
2008-09-25 20:17 1356 ----a-w- c:\users\Trevor Bayless\AppData\Local\d3d9caps.dat 2009-10-06 03:08 . 2009-05-04 00:54 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\FUJIFILM 2009-10-04 00:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild 2009-10-03 08:26 . 2008-09-05 06:48 262144 ----a-w- c:\programdata\ntuser.dat 2009-10-02 19:53 . 2009-03-26 19:37 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\Skype 2009-10-02 18:53 . 2009-03-26 19:39 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\skypePM 2009-09-30 08:27 . 2005-04-08 02:16 1447 ---ha-w- c:\users\Trevor Bayless\AppData\Roaming\logs.dat 2009-09-17 07:05 . 2008-02-27 07:59 -------- d-----w- c:\programdata\HP 2009-09-17 07:02 . 2009-03-03 21:50 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-09-17 07:02 . 2009-08-17 21:52 -------- d-----r- c:\program files\Skype 2009-09-17 07:02 . 2008-09-05 07:34 -------- d-----w- c:\program files\Common Files\AOL 2009-09-16 09:06 . 2009-03-03 21:51 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\Thunderbird 2009-09-09 04:05 . 2009-06-27 03:28 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-28 12:39 . 2009-09-02 04:12 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 10:15 . 2009-09-02 04:12 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-26 06:05 . 2009-08-26 06:05 -------- d-----w- c:\users\Trevor Bayless\AppData\Roaming\OverDrive 2009-08-17 21:52 . 2009-08-17 21:52 -------- d-----w- c:\program files\Common Files\Skype 2009-08-17 21:52 . 2009-03-26 19:37 -------- d-----w- c:\programdata\Skype 2009-08-15 05:51 . 2009-08-15 05:49 116891 ----a-w- c:\windows\hpqins00.dat 2009-08-14 18:04 . 2009-07-24 22:53 -------- d-----w- c:\program files\AIM 2009-07-22 18:29 . 2008-09-23 06:58 16 ----a-w- c:\windows\popcinfo.dat 2009-07-18 16:06 . 2009-07-29 06:10 827904 ----a-w- c:\windows\system32\wininet.dll 2009-07-18 16:01 . 
2009-07-29 06:10 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-07-18 09:46 . 2009-07-29 06:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-17 14:35 . 2009-08-14 06:36 71680 ----a-w- c:\windows\system32\atl.dll 2009-07-14 13:00 . 2009-08-14 06:35 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-14 12:59 . 2009-08-14 06:35 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-07-14 12:58 . 2009-08-14 06:35 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-07-14 10:59 . 2009-08-14 06:35 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2008-06-29 03:09 . 2008-06-29 03:09 22 --sha-w- c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((( SnapShot@2009-10-08_03.35.04 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 01:58 . 2009-10-08 04:43 16096 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05 . 2009-10-08 04:43 89204 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2006-11-02 13:05 . 2009-10-08 03:24 89204 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-06-28 20:07 . 2009-10-08 04:43 16232 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-647792776-3175287783-1131343854-1000_UserData.bin - 2008-06-28 20:03 . 2009-10-08 03:35 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-06-28 20:03 . 2009-10-08 04:59 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-06-28 20:03 . 2009-10-08 04:59 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-06-28 20:03 . 2009-10-08 03:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-06-28 20:03 . 
2009-10-08 04:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-06-28 20:03 . 2009-10-08 03:35 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-10-08 04:40 . 2009-10-08 04:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-10-08 04:40 . 2009-10-08 04:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-01-21 02:23 . 2009-06-05 20:49 240128 c:\windows\System32\uxtheme.dll + 2008-01-21 02:23 . 2008-01-21 02:23 240128 c:\windows\System32\uxtheme.dll - 2008-01-21 02:23 . 2009-06-05 20:49 615424 c:\windows\System32\themeui.dll + 2008-01-21 02:23 . 2008-01-21 02:23 615424 c:\windows\System32\themeui.dll + 2008-06-29 03:12 . 2009-10-08 04:39 582240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start 
Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 2000 Series.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 2000 Series.lnk backup=c:\windows\pss\hp psc 2000 Series.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-647792776-3175287783-1131343854-1000] "EnableNotificationsRef"=dword:00000006 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{09EF94DC-ACB8-4E2D-B74E-8A2BD7C9154D}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{9D6B7519-1520-48FB-AF26-18D4E4DDEB8C}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{5E66FD85-E4DD-4282-A960-63A599574477}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CB8E5433-1536-41EA-9D39-63612E2C6842}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{DC8556BE-7202-420F-B169-40E21FAF90A1}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{152A25A7-DCB2-4DE9-8C34-5C9FCC4F3497}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{2A1A24FA-B14A-4329-987E-390D55A05FCC}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{01CA4C70-B84A-412A-A500-A0FEE55BAFDA}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{B3CF36D9-405C-4A85-A083-EAD92E2B16C1}"= TCP:c:\program files\earthlink 
totalaccess\TaskPanl.exe:taskpanl "{70C37D40-BB13-4C3F-9637-F9C08D8EBAED}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{07F0ED00-9FD9-4691-ACF1-14513B50A265}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{021C9578-BA60-4F5E-A957-17ED31D3C026}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{3082ECD7-67DC-49EC-9FCE-473475CA9259}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{3FE1AF5A-A07E-4DEA-8ED8-98BB2BCD43C4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{BD4CCCDF-1332-42FA-8E64-155701707D0B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{7B08A8AE-EAB7-4FD6-8996-47F204EEE988}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent "{6E362EB1-6B27-4A55-92BA-077C2AF61511}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent "{EDBB261C-1ADF-4307-8766-FC3B5A24D4CB}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{DDE17F3A-1F0A-453B-8ABC-0842E6503951}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{C2D94599-7E52-4EF7-8C4F-6CF81AC85CEC}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{3D0032B9-1A37-4DFA-AB2F-475BEED93AB1}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{922B940E-E346-490A-ACCB-71B55CCBAB00}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{FD2EBE91-4667-4103-BB89-B4156177D765}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0 "{D866D414-1178-49A6-AF19-0AD27C35E0B3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{1710736E-09BF-42C2-B824-3E76C319C704}"= UDP:f:\bittorrent\bittorrent.exe:BitTorrent (TCP-In) "{A686EE68-DA30-46CB-80E1-E8C640E028F4}"= TCP:f:\bittorrent\bittorrent.exe:BitTorrent (UDP-In) "{56A85505-CFFE-4E00-A610-71CB0AACF40D}"= UDP:c:\program files\AIM6\aim6.exe:AIM "{4FA1FF4C-D3ED-4613-808F-F1870BEA2B94}"= TCP:c:\program files\AIM6\aim6.exe:AIM "TCP Query 
User{37D7C7D4-3FEC-49AB-B017-18212ED9BB74}c:\\program files\\napster\\napster.exe"= UDP:c:\program files\napster\napster.exe:Napster "UDP Query User{8EEEAF88-A9D2-493E-916F-515088E1441C}c:\\program files\\napster\\napster.exe"= TCP:c:\program files\napster\napster.exe:Napster "{E417E465-9F8B-48E1-93CD-8BD5191542E3}"= UDP:c:\program files\DNA\btdna.exe:DNA "{14DC4610-8F79-4EF7-8D7E-CDD9268A5BB2}"= TCP:c:\program files\DNA\btdna.exe:DNA "{7C7C91D7-30DA-4D0F-A7D8-8A8545C7EA2C}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In) "{A524930D-FA8F-4596-83C2-8851F4742827}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In) "TCP Query User{E45B1A7D-705C-477C-8E68-3CA89154C233}f:\\steam\\steamapps\\blindmelon3\\counter-strike source\\hl2.exe"= UDP:f:\steam\steamapps\blindmelon3\counter-strike source\hl2.exe:hl2 "UDP Query User{33894ABA-E39E-40A0-A64B-3EFC0A877D24}f:\\steam\\steamapps\\blindmelon3\\counter-strike source\\hl2.exe"= TCP:f:\steam\steamapps\blindmelon3\counter-strike source\hl2.exe:hl2 "{41683363-C377-49AB-AD24-0EAFB3ECC821}"= UDP:f:\itunes\iTunes.exe:iTunes "{7091C9B6-F264-4784-856E-2E2E2EFB2050}"= TCP:f:\itunes\iTunes.exe:iTunes "{18FD4490-FECE-4955-8A49-4EB3EDC276AC}"= c:\program files\Skype\Phone\Skype.exe:Skype "{F6780EFF-547D-46E5-93DE-7FB665E10454}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{6B7CC463-ED71-445C-A7DF-094443C14C7E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{2E817718-78B6-4F97-9E6C-7302254DB101}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{5D62AA80-255B-432B-9191-ED77FFD1C6E7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{CA7008FC-072D-45EB-971C-6FF9A13F6CDB}"= UDP:c:\program files\AIM6\aim.exe:AIM "{50C9694E-F9AB-440A-8782-837A0FC6061B}"= TCP:c:\program files\AIM6\aim.exe:AIM "{A5A01A53-36AA-4E3F-9927-91C638A85A2C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{7B6D4116-9214-4637-A6C3-91A0F00793EC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour 
"{8DBE5D37-8513-46E8-80EF-773D4B42AC3B}"= UDP:c:\program files\AIM\aim.exe:AIM "{57872C5F-EBBF-4C15-8F24-17B2C00F67F8}"= TCP:c:\program files\AIM\aim.exe:AIM [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink "f:\\BitTorrent\\bittorrent.exe"= f:\bittorrent\bittorrent.exe:*:Enabled:BitTorrent "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808] S3 MovRVDrv32;MovRVDrv32;c:\windows\System32\drivers\MovRVDrv32.sys [9/21/2008 3:23 PM 3768] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}] c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder 2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{6B670DA9-26F4-40B3-97F4-A76AC01FE9C3}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Trevor Bayless\AppData\Roaming\Mozilla\Firefox\Profiles\3uu6ctf3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false. - - - - ORPHANS REMOVED - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-08 00:11 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\f*P%,%Z%k%] "Successes"=dword:e0000000 "Failures"=dword:e0000001 "{2ECA5146-EAD9-49DC-B3F2-40B20013E605}"=hex:00,18,39,e9,71,1a,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-10-08 0:13 ComboFix-quarantined-files.txt 2009-10-08 05:13 ComboFix2.txt 2009-10-08 03:40 Pre-Run: 174,727,835,648 bytes free Post-Run: 174,685,032,448 bytes free 262 --- E O F --- 2009-10-07 20:08 |
#13 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hi shyguy,
Download Junction.zip and save it to your desktop.

Double click the junction.zip and extract to your desktop.

Next, open Notepad and copy/paste the contents in the quote box below, into Notepad.

Quote:
It should look like this:
#14 (permalink) |
|
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hey! Here is the log from junction.bat below:
\\?\c:\\Windows\SoftwareDistribution\Download\b1b96411ebe18f45eb0a2fed3bb469d8\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20821_none_df06d6edaa6cfe0b\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20821_none_df06d6edaa6cfe0b: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\SoftwareDistribution\Download\b1b96411ebe18f45eb0a2fed3bb469d8\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18061_none_e03837328e9661cf\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18061_none_e03837328e9661cf: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\SoftwareDistribution\Download\b1b96411ebe18f45eb0a2fed3bb469d8\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22165_none_e0c5d525a7b066f5\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22165_none_e0c5d525a7b066f5: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\SoftwareDistribution\Download\b1b96411ebe18f45eb0a2fed3bb469d8\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16679_none_d9d44caa5a19bb32\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16679_none_d9d44caa5a19bb32: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\SoftwareDistribution\Download\b1b96411ebe18f45eb0a2fed3bb469d8\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20821_none_da8bf8a7731601b6\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20821_none_da8bf8a7731601b6: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\SoftwareDistribution\Download\b1b96411ebe18f45eb0a2fed3bb469d8\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18061_none_dbbd58ec573f657a\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18061_none_dbbd58ec573f657a: MOUNT POINT Substitute Name: \Device\__max++>\^ 
\\?\c:\\Windows\SoftwareDistribution\Download\b1b96411ebe18f45eb0a2fed3bb469d8\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22165_none_dc4af6df70596aa0\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22165_none_dc4af6df70596aa0: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\Sun\Java\Deployment\Deployment: MOUNT POINT Substitute Name: \Device\__max++>\^ .. ... .\\?\c:\\Windows\System32\config\systemprofile\Application Data: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming \\?\c:\\Windows\System32\config\systemprofile\Local Settings: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\AppData\Local Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local \\?\c:\\Windows\System32\config\systemprofile\My Documents: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\Documents Substitute Name: C:\Windows\system32\config\systemprofile\Documents \\?\c:\\Windows\System32\config\systemprofile\NetHood: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts \\?\c:\\Windows\System32\config\systemprofile\PrintHood: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts \\?\c:\\Windows\System32\config\systemprofile\Recent: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent Substitute Name: 
C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent \\?\c:\\Windows\System32\config\systemprofile\SendTo: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo \\?\c:\\Windows\System32\config\systemprofile\Start Menu: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu \\?\c:\\Windows\System32\config\systemprofile\Templates: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates \\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Application Data: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\AppData\Local Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local \\?\c:\\Windows\System32\config\systemprofile\AppData\Local\History: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History \\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files \\?\c:\\Windows\System32\config\systemprofile\Documents\My Music: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\Music Substitute Name: C:\Windows\system32\config\systemprofile\Music \\?\c:\\Windows\System32\config\systemprofile\Documents\My Pictures: JUNCTION Print Name : 
C:\Windows\system32\config\systemprofile\Pictures Substitute Name: C:\Windows\system32\config\systemprofile\Pictures \\?\c:\\Windows\System32\config\systemprofile\Documents\My Videos: JUNCTION Print Name : C:\Windows\system32\config\systemprofile\Videos Substitute Name: C:\Windows\system32\config\systemprofile\Videos .. ... ... ... ... ... ... .. Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied. . ...\\?\c:\\Windows\Temp2\Temp2: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\tracing\tracing: MOUNT POINT Substitute Name: \Device\__max++>\^ ... ... ... ... ... ... \\?\c:\\Windows\winsxs\InstallTemp\InstallTemp: MOUNT POINT Substitute Name: \Device\__max++>\^ ... ... ... ... ... ... ... ... ...\\?\c:\\Windows\winsxs\Temp\00013fe3673aca0125080000a4147408\00013fe3673aca0125080000a4147408: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\00ba192cda1dca0125000000800a1013\00ba192cda1dca0125000000800a1013: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\0480c039ab0cca01250000005008d400\0480c039ab0cca01250000005008d400: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\05a61f806c0aca01250000008008e00e\05a61f806c0aca01250000008008e00e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\05dc6dc5fc32ca017c100000f80e980d\05dc6dc5fc32ca017c100000f80e980d: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\092a1e014c13ca0125000000180ffc0d\092a1e014c13ca0125000000180ffc0d: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\0ec7659a8307ca01250000008011e814\0ec7659a8307ca01250000008011e814: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\0f322485ca24ca0125000000580fd80e\0f322485ca24ca0125000000580fd80e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\0f5eac9ea001ca011900000038130c10\0f5eac9ea001ca011900000038130c10: MOUNT POINT 
Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\175afe02f016ca01250000004c0dc40c\175afe02f016ca01250000004c0dc40c: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\17f1019763ffc9011900000070098814\17f1019763ffc9011900000070098814: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\1cfd490d6212ca01250000003c0e940a\1cfd490d6212ca01250000003c0e940a: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\1ee6f94f182aca0125000000ac0d6410\1ee6f94f182aca0125000000ac0d6410: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\206d98e9aff7c90119000000a409a005\206d98e9aff7c90119000000a409a005: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\227dcf8ba9f4c90119000000e8060817\227dcf8ba9f4c90119000000e8060817: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\25a3ae1ded20ca0125080000900ce812\25a3ae1ded20ca0125080000900ce812: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\26993cb79315ca0125000000ac00b80f\26993cb79315ca0125000000ac00b80f: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\27cbeac09934ca012508000074103012\27cbeac09934ca012508000074103012: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\27e0cc124500ca01190000005004d003\27e0cc124500ca01190000005004d003: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\2914d1fc0f38ca0125080000fc074405\2914d1fc0f38ca0125080000fc074405: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\3034128dc92aca0125000000ac0c700e\3034128dc92aca0125000000ac0c700e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\3042d9927535ca01250800009409b00b\3042d9927535ca01250800009409b00b: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\308ed35f25f0c901190000004c0d9814\308ed35f25f0c901190000004c0d9814: MOUNT 
POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\361478ea070bca01250000000405800e\361478ea070bca01250000000405800e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\3d1d0bad3a37ca0125080000e80a8403\3d1d0bad3a37ca0125080000e80a8403: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\3d88f1da2820ca01250000009803a00b\3d88f1da2820ca01250000009803a00b: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\4271fb6b1024ca01250000001402900e\4271fb6b1024ca01250000001402900e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\4dc06c1c2315ca01250000002c05540e\4dc06c1c2315ca01250000002c05540e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\5039ae992308ca0125000000c416f017\5039ae992308ca0125000000c416f017: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\5064a9b47306ca0125000000180f580f\5064a9b47306ca0125000000180f580f: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\50e502954f19ca01250000009c08d007\50e502954f19ca01250000009c08d007: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\50fe16bc49f9c9011900000054115013\50fe16bc49f9c9011900000054115013: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\55577b25fdf9c901190000009811ac13\55577b25fdf9c901190000009811ac13: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\5657ca77c20dca0125000000ac005c03\5657ca77c20dca0125000000ac005c03: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\56e01806ba31ca0125000000c0117414\56e01806ba31ca0125000000c0117414: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\5a6c10c1c803ca0119000000c00fd80e\5a6c10c1c803ca0119000000c00fd80e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\5bdf92815f04ca01190000005015d817\5bdf92815f04ca01190000005015d817: 
MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\5c1d24b6d73fca0125080000480a8009\5c1d24b6d73fca0125080000480a8009: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\5eb9ba650b03ca011900000008044c08\5eb9ba650b03ca011900000008044c08: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\6017e6785332ca0125000000000f9801\6017e6785332ca0125000000000f9801: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\60606c685102ca01190000007411e013\60606c685102ca01190000007411e013: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\60a61ac7421dca0125000000c4123c06\60a61ac7421dca0125000000c4123c06: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\60bb22624af5c90119000000e8088403\60bb22624af5c90119000000e8088403: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\693bdafbf400ca0119000000780e800f\693bdafbf400ca0119000000780e800f: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\6c33e5110ff4c90119000000900cfc09\6c33e5110ff4c90119000000900cfc09: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\7ddef528f80bca01250000005008980f\7ddef528f80bca01250000005008980f: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\807dc236ef46ca012500000050092812\807dc236ef46ca012500000050092812: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\808a20e4d3f6c901b9000000f0179017\808a20e4d3f6c901b9000000f0179017: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\8261def5e417ca019a0800001015dc11\8261def5e417ca019a0800001015dc11: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\856bc1a084efc90119000000c00b480f\856bc1a084efc90119000000c00b480f: MOUNT POINT Substitute Name: \Device\__max++>\^ 
\\?\c:\\Windows\winsxs\Temp\8bab4c1c4520ca01ff070000380fec08\8bab4c1c4520ca01ff070000380fec08: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\8dac1548b8fac901190000001c13680d\8dac1548b8fac901190000001c13680d: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\8ef430d95936ca0125080000bc0f5409\8ef430d95936ca0125080000bc0f5409: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\9047a40c9a18ca0125000000940ff80b\9047a40c9a18ca0125000000940ff80b: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\906a309e3a30ca012500000058142813\906a309e3a30ca012500000058142813: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\9164440c910eca0125000000f80fc006\9164440c910eca0125000000f80fc006: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\95f3139acaebc901190000002807b010\95f3139acaebc901190000002807b010: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\986feea9212cca0125000000640f3801\986feea9212cca0125000000640f3801: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\9db34631811fca01250000001016280b\9db34631811fca01250000001016280b: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\9f505d907dfbc90119000000200a8c05\9f505d907dfbc90119000000200a8c05: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\a102d757f2f0c901190000003016600f\a102d757f2f0c901190000003016600f: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\a35c3bb2021aca01250000003005400d\a35c3bb2021aca01250000003005400d: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\a8cef0f8d908ca01250000002015d410\a8cef0f8d908ca01250000002015d410: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\a9a7a671cc05ca0125000000e810280f\a9a7a671cc05ca0125000000e810280f: MOUNT POINT Substitute Name: 
\Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\af2177dd762bca0125000000d80d400f\af2177dd762bca0125000000d80d400f: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\af4bf2beb7fec901190000003017000e\af4bf2beb7fec901190000003017000e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\b099e41bf9f5c90119000000700c8417\b099e41bf9f5c90119000000700c8417: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\b12ca835ad47ca0125000000fc04a00f\b12ca835ad47ca0125000000fc04a00f: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\b3cefcdd550fca012500000004083002\b3cefcdd550fca012500000004083002: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\b547a1f695f8c901190000003805340a\b547a1f695f8c901190000003805340a: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\b5610e9a12fec90119000000040f780b\b5610e9a12fec90119000000040f780b: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\c04ed4774ffdc9011900000080110013\c04ed4774ffdc9011900000080110013: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\c6b1c1ce0a3cca012508000080105412\c6b1c1ce0a3cca012508000080105412: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\c83873c7a02fca01250000000005980f\c83873c7a02fca01250000000005980f: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\cdc9bf9d9811ca01250000001c03440b\cdc9bf9d9811ca01250000001c03440b: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\cf67b448cff1c90119000000cc08080e\cf67b448cff1c90119000000cc08080e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\d02b84a9f113ca0125000000e003700e\d02b84a9f113ca0125000000e003700e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\d0527088a1f6c9011900000088060810\d0527088a1f6c9011900000088060810: MOUNT POINT Substitute 
Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\d06fa1e3d32cca0125000000280d7808\d06fa1e3d32cca0125000000280d7808: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\d094fa533046ca0125000000c0113c16\d094fa533046ca0125000000c0113c16: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\d420c3e58ef2c90119000000a008d40b\d420c3e58ef2c90119000000a008d40b: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\d6794306a822ca0125080000e0053c12\d6794306a822ca0125080000e0053c12: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\d6837b56f12dca0125000000c80bd40c\d6837b56f12dca0125000000c80bd40c: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\dbcaa258193bca0125080000dc170016\dbcaa258193bca0125080000dc170016: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\e07e101af230ca01b10000001819bc08\e07e101af230ca01b10000001819bc08: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\ef624a80af3cca01250800007c0b2c0f\ef624a80af3cca01250800007c0b2c0f: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\f050c3123e16ca0125000000e007500e\f050c3123e16ca0125000000e007500e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\f18f321da22eca0125000000ec161017\f18f321da22eca0125000000ec161017: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\f3677b675bf3c90119000000b810d813\f3677b675bf3c90119000000b810d813: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\f3c785b4edeec9011900000030151815\f3c785b4edeec9011900000030151815: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\f4638b319540ca0125000000180d200e\f4638b319540ca0125000000180d200e: MOUNT POINT Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\f641c8a830fcc901190000001410c803\f641c8a830fcc901190000001410c803: MOUNT POINT 
Substitute Name: \Device\__max++>\^ \\?\c:\\Windows\winsxs\Temp\fed9f554b321ca01250800001c0e740c\fed9f554b321ca01250800001c0e740c: MOUNT POINT Substitute Name: \Device\__max++>\^ ... ... ... ... ... ... ... ... ... |
|
|
|
|
#15 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
Delete your existing Win32kDiag.exe and download a fresh copy from here.
Then I'd like you to repeat this step...

Click Start->Run, and copy-paste the following bolded text into the Run box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

=====================================

Now run the junction.bat again and post that log as well.

Last edited by Ried; 10-08-2009 at 02:28 PM. |
|
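An added example (not part of the thread and not code from either tool) for reading the two logs requested in the post above: it parses a junction listing and a Win32kDiag.txt, then flags reparse points whose target is neither a drive-letter path nor a volume GUID, such as the \Device\__max++>\^ destination reported in this thread's logs. The sample lines are constructed in the logs' layout, and treating only those two target forms as expected is this example's assumption.

```python
import re
from collections import Counter

# Constructed sample in the junction-listing layout; the last entry is flattened
# onto one line, the way copy-paste into a forum post leaves it.
JUNCTION_SAMPLE = r"""
\\?\c:\\Windows\Temp2\Temp2: MOUNT POINT
   Substitute Name: \Device\__max++>\^
.. ...
\\?\c:\\Windows\System32\config\systemprofile\My Documents: JUNCTION
   Print Name     : C:\Windows\system32\config\systemprofile\Documents
   Substitute Name: C:\Windows\system32\config\systemprofile\Documents
Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.
\\?\c:\\Windows\tracing\tracing: MOUNT POINT Substitute Name: \Device\__max++>\^ ... ...
"""

# Constructed sample in the Win32kDiag.txt layout.
DIAG_SAMPLE = r"""
Searching 'C:\Windows'...
Found mount point : C:\Windows\Temp2\Temp2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Temp2\Temp2
Found mount point : C:\Windows\tracing\tracing
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\tracing\tracing
"""

# Every junction-listing entry path starts with the \\?\ prefix.
ENTRY_START = re.compile(r"(?=\\\\\?\\)")
# Only the two entry kinds that appear in the thread's listing are handled.
JUNCTION_RE = re.compile(
    r"^(?P<path>.+?):\s+(?P<kind>MOUNT POINT|JUNCTION)\s+"
    r"(?:Print Name\s*:.*?\s+)?Substitute Name:\s*(?P<target>.*)$", re.S)
DIAG_RE = re.compile(
    r"Found mount point\s*:\s*(?P<path>.+?)\s+"
    r"Mount point destination\s*:\s*(?P<target>.+?)\s*"
    r"(?=Removing mount point|Found mount point|Cannot access|Could not open|\Z)",
    re.S)
# Assumption of this example: a target is "expected" when it is a drive-letter
# path or a volume GUID, optionally carrying the \??\ prefix.
EXPECTED_TARGET = re.compile(
    r"^(?:\\\?\?\\)?(?:[A-Za-z]:\\|Volume\{[0-9A-Fa-f-]{36}\})")


def _clean(raw):
    """Drop scan-progress dots and a trailing 'Failed to open' fragment."""
    tokens = raw.split("Failed to open")[0].split()
    while tokens and set(tokens[-1]) == {"."}:
        tokens.pop()
    return " ".join(tokens)


def parse_junction_listing(text):
    """Return one dict per reparse point, with or without line breaks in text."""
    entries = []
    for chunk in ENTRY_START.split(text):
        m = JUNCTION_RE.match(chunk)
        if m:
            # \\?\c:\\Windows\... -> c:\Windows\...
            path = m["path"][4:].replace("\\\\", "\\")
            entries.append({"path": path, "kind": m["kind"],
                            "target": _clean(m["target"])})
    return entries


def parse_win32kdiag(text):
    """Return the mount points a Win32kDiag.txt reports as found."""
    return [{"path": m["path"], "kind": "MOUNT POINT", "target": m["target"]}
            for m in DIAG_RE.finditer(text)]


def unexpected_targets(entries):
    """Entries whose target is neither a drive-letter path nor a volume GUID."""
    return [e for e in entries if not EXPECTED_TARGET.match(e["target"])]


def summarize(entries):
    """Count flagged entries per target, to see how many share one destination."""
    return Counter(e["target"] for e in unexpected_targets(entries))


if __name__ == "__main__":
    logs = (("junction", parse_junction_listing(JUNCTION_SAMPLE)),
            ("win32kdiag", parse_win32kdiag(DIAG_SAMPLE)))
    for name, entries in logs:
        for e in unexpected_targets(entries):
            print(f"[{name}] {e['kind']} {e['path']} -> {e['target']}")
```

Comparing the flagged paths from a junction listing taken after the Win32kDiag run against the paths Win32kDiag reported shows which mount points are still present.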
|
|
|
#16 (permalink) |
|
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
In this first post, I will post the Win32kdiag log that was given to me. In the next post after this one, I will post the junction.bat log. Thanks!
C:\Windows\winsxs\Temp\227dcf8ba9f4c90119000000e8060817\227dcf8ba9f4c90119000000e8060817 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\227dcf8ba9f4c90119000000e8060817\227dcf8ba9f4c90119000000e8060817 Found mount point : C:\Windows\winsxs\Temp\25a3ae1ded20ca0125080000900ce812\25a3ae1ded20ca0125080000900ce812 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\25a3ae1ded20ca0125080000900ce812\25a3ae1ded20ca0125080000900ce812 Found mount point : C:\Windows\winsxs\Temp\26993cb79315ca0125000000ac00b80f\26993cb79315ca0125000000ac00b80f Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\26993cb79315ca0125000000ac00b80f\26993cb79315ca0125000000ac00b80f Found mount point : C:\Windows\winsxs\Temp\27cbeac09934ca012508000074103012\27cbeac09934ca012508000074103012 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\27cbeac09934ca012508000074103012\27cbeac09934ca012508000074103012 Found mount point : C:\Windows\winsxs\Temp\27e0cc124500ca01190000005004d003\27e0cc124500ca01190000005004d003 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\27e0cc124500ca01190000005004d003\27e0cc124500ca01190000005004d003 Found mount point : C:\Windows\winsxs\Temp\2914d1fc0f38ca0125080000fc074405\2914d1fc0f38ca0125080000fc074405 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\2914d1fc0f38ca0125080000fc074405\2914d1fc0f38ca0125080000fc074405 Found mount point : C:\Windows\winsxs\Temp\3034128dc92aca0125000000ac0c700e\3034128dc92aca0125000000ac0c700e Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\3034128dc92aca0125000000ac0c700e\3034128dc92aca0125000000ac0c700e Found mount point : C:\Windows\winsxs\Temp\3042d9927535ca01250800009409b00b\3042d9927535ca01250800009409b00b Mount point destination : \Device\__max++>\^ 
Removing mount point : C:\Windows\winsxs\Temp\3042d9927535ca01250800009409b00b\3042d9927535ca01250800009409b00b Found mount point : C:\Windows\winsxs\Temp\308ed35f25f0c901190000004c0d9814\308ed35f25f0c901190000004c0d9814 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\308ed35f25f0c901190000004c0d9814\308ed35f25f0c901190000004c0d9814 Found mount point : C:\Windows\winsxs\Temp\361478ea070bca01250000000405800e\361478ea070bca01250000000405800e Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\361478ea070bca01250000000405800e\361478ea070bca01250000000405800e Found mount point : C:\Windows\winsxs\Temp\3d1d0bad3a37ca0125080000e80a8403\3d1d0bad3a37ca0125080000e80a8403 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\3d1d0bad3a37ca0125080000e80a8403\3d1d0bad3a37ca0125080000e80a8403 Found mount point : C:\Windows\winsxs\Temp\3d88f1da2820ca01250000009803a00b\3d88f1da2820ca01250000009803a00b Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\3d88f1da2820ca01250000009803a00b\3d88f1da2820ca01250000009803a00b Found mount point : C:\Windows\winsxs\Temp\4271fb6b1024ca01250000001402900e\4271fb6b1024ca01250000001402900e Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\4271fb6b1024ca01250000001402900e\4271fb6b1024ca01250000001402900e Found mount point : C:\Windows\winsxs\Temp\4dc06c1c2315ca01250000002c05540e\4dc06c1c2315ca01250000002c05540e Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\4dc06c1c2315ca01250000002c05540e\4dc06c1c2315ca01250000002c05540e Found mount point : C:\Windows\winsxs\Temp\5039ae992308ca0125000000c416f017\5039ae992308ca0125000000c416f017 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\5039ae992308ca0125000000c416f017\5039ae992308ca0125000000c416f017 Found mount point : 
C:\Windows\winsxs\Temp\5064a9b47306ca0125000000180f580f\5064a9b47306ca0125000000180f580f Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\5064a9b47306ca0125000000180f580f\5064a9b47306ca0125000000180f580f Found mount point : C:\Windows\winsxs\Temp\50e502954f19ca01250000009c08d007\50e502954f19ca01250000009c08d007 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\50e502954f19ca01250000009c08d007\50e502954f19ca01250000009c08d007 Found mount point : C:\Windows\winsxs\Temp\50fe16bc49f9c9011900000054115013\50fe16bc49f9c9011900000054115013 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\50fe16bc49f9c9011900000054115013\50fe16bc49f9c9011900000054115013 Found mount point : C:\Windows\winsxs\Temp\55577b25fdf9c901190000009811ac13\55577b25fdf9c901190000009811ac13 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\55577b25fdf9c901190000009811ac13\55577b25fdf9c901190000009811ac13 Found mount point : C:\Windows\winsxs\Temp\5657ca77c20dca0125000000ac005c03\5657ca77c20dca0125000000ac005c03 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\5657ca77c20dca0125000000ac005c03\5657ca77c20dca0125000000ac005c03 Found mount point : C:\Windows\winsxs\Temp\56e01806ba31ca0125000000c0117414\56e01806ba31ca0125000000c0117414 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\56e01806ba31ca0125000000c0117414\56e01806ba31ca0125000000c0117414 Found mount point : C:\Windows\winsxs\Temp\5a6c10c1c803ca0119000000c00fd80e\5a6c10c1c803ca0119000000c00fd80e Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\5a6c10c1c803ca0119000000c00fd80e\5a6c10c1c803ca0119000000c00fd80e Found mount point : C:\Windows\winsxs\Temp\5bdf92815f04ca01190000005015d817\5bdf92815f04ca01190000005015d817 Mount point destination : \Device\__max++>\^ 
Removing mount point : C:\Windows\winsxs\Temp\5bdf92815f04ca01190000005015d817\5bdf92815f04ca01190000005015d817 Found mount point : C:\Windows\winsxs\Temp\5c1d24b6d73fca0125080000480a8009\5c1d24b6d73fca0125080000480a8009 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\5c1d24b6d73fca0125080000480a8009\5c1d24b6d73fca0125080000480a8009 Found mount point : C:\Windows\winsxs\Temp\5eb9ba650b03ca011900000008044c08\5eb9ba650b03ca011900000008044c08 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\5eb9ba650b03ca011900000008044c08\5eb9ba650b03ca011900000008044c08 Found mount point : C:\Windows\winsxs\Temp\6017e6785332ca0125000000000f9801\6017e6785332ca0125000000000f9801 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\6017e6785332ca0125000000000f9801\6017e6785332ca0125000000000f9801 Found mount point : C:\Windows\winsxs\Temp\60606c685102ca01190000007411e013\60606c685102ca01190000007411e013 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\60606c685102ca01190000007411e013\60606c685102ca01190000007411e013 Found mount point : C:\Windows\winsxs\Temp\60a61ac7421dca0125000000c4123c06\60a61ac7421dca0125000000c4123c06 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\60a61ac7421dca0125000000c4123c06\60a61ac7421dca0125000000c4123c06 Found mount point : C:\Windows\winsxs\Temp\60bb22624af5c90119000000e8088403\60bb22624af5c90119000000e8088403 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\60bb22624af5c90119000000e8088403\60bb22624af5c90119000000e8088403 Found mount point : C:\Windows\winsxs\Temp\693bdafbf400ca0119000000780e800f\693bdafbf400ca0119000000780e800f Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\693bdafbf400ca0119000000780e800f\693bdafbf400ca0119000000780e800f Found mount point : 
C:\Windows\winsxs\Temp\6c33e5110ff4c90119000000900cfc09\6c33e5110ff4c90119000000900cfc09 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\6c33e5110ff4c90119000000900cfc09\6c33e5110ff4c90119000000900cfc09 Found mount point : C:\Windows\winsxs\Temp\7ddef528f80bca01250000005008980f\7ddef528f80bca01250000005008980f Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\7ddef528f80bca01250000005008980f\7ddef528f80bca01250000005008980f Found mount point : C:\Windows\winsxs\Temp\807dc236ef46ca012500000050092812\807dc236ef46ca012500000050092812 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\807dc236ef46ca012500000050092812\807dc236ef46ca012500000050092812 Found mount point : C:\Windows\winsxs\Temp\808a20e4d3f6c901b9000000f0179017\808a20e4d3f6c901b9000000f0179017 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\808a20e4d3f6c901b9000000f0179017\808a20e4d3f6c901b9000000f0179017 Found mount point : C:\Windows\winsxs\Temp\8261def5e417ca019a0800001015dc11\8261def5e417ca019a0800001015dc11 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\8261def5e417ca019a0800001015dc11\8261def5e417ca019a0800001015dc11 Found mount point : C:\Windows\winsxs\Temp\856bc1a084efc90119000000c00b480f\856bc1a084efc90119000000c00b480f Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\856bc1a084efc90119000000c00b480f\856bc1a084efc90119000000c00b480f Found mount point : C:\Windows\winsxs\Temp\8bab4c1c4520ca01ff070000380fec08\8bab4c1c4520ca01ff070000380fec08 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\8bab4c1c4520ca01ff070000380fec08\8bab4c1c4520ca01ff070000380fec08 Found mount point : C:\Windows\winsxs\Temp\8dac1548b8fac901190000001c13680d\8dac1548b8fac901190000001c13680d Mount point destination : \Device\__max++>\^ 
Removing mount point : C:\Windows\winsxs\Temp\8dac1548b8fac901190000001c13680d\8dac1548b8fac901190000001c13680d Found mount point : C:\Windows\winsxs\Temp\8ef430d95936ca0125080000bc0f5409\8ef430d95936ca0125080000bc0f5409 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\8ef430d95936ca0125080000bc0f5409\8ef430d95936ca0125080000bc0f5409 Found mount point : C:\Windows\winsxs\Temp\9047a40c9a18ca0125000000940ff80b\9047a40c9a18ca0125000000940ff80b Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\9047a40c9a18ca0125000000940ff80b\9047a40c9a18ca0125000000940ff80b Found mount point : C:\Windows\winsxs\Temp\906a309e3a30ca012500000058142813\906a309e3a30ca012500000058142813 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\906a309e3a30ca012500000058142813\906a309e3a30ca012500000058142813 Found mount point : C:\Windows\winsxs\Temp\9164440c910eca0125000000f80fc006\9164440c910eca0125000000f80fc006 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\9164440c910eca0125000000f80fc006\9164440c910eca0125000000f80fc006 Found mount point : C:\Windows\winsxs\Temp\95f3139acaebc901190000002807b010\95f3139acaebc901190000002807b010 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\95f3139acaebc901190000002807b010\95f3139acaebc901190000002807b010 Found mount point : C:\Windows\winsxs\Temp\986feea9212cca0125000000640f3801\986feea9212cca0125000000640f3801 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\986feea9212cca0125000000640f3801\986feea9212cca0125000000640f3801 Found mount point : C:\Windows\winsxs\Temp\9db34631811fca01250000001016280b\9db34631811fca01250000001016280b Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\9db34631811fca01250000001016280b\9db34631811fca01250000001016280b Found mount point : 
C:\Windows\winsxs\Temp\9f505d907dfbc90119000000200a8c05\9f505d907dfbc90119000000200a8c05 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\9f505d907dfbc90119000000200a8c05\9f505d907dfbc90119000000200a8c05 Found mount point : C:\Windows\winsxs\Temp\a102d757f2f0c901190000003016600f\a102d757f2f0c901190000003016600f Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\a102d757f2f0c901190000003016600f\a102d757f2f0c901190000003016600f Found mount point : C:\Windows\winsxs\Temp\a35c3bb2021aca01250000003005400d\a35c3bb2021aca01250000003005400d Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\a35c3bb2021aca01250000003005400d\a35c3bb2021aca01250000003005400d Found mount point : C:\Windows\winsxs\Temp\a8cef0f8d908ca01250000002015d410\a8cef0f8d908ca01250000002015d410 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\a8cef0f8d908ca01250000002015d410\a8cef0f8d908ca01250000002015d410 Found mount point : C:\Windows\winsxs\Temp\a9a7a671cc05ca0125000000e810280f\a9a7a671cc05ca0125000000e810280f Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\a9a7a671cc05ca0125000000e810280f\a9a7a671cc05ca0125000000e810280f Found mount point : C:\Windows\winsxs\Temp\af2177dd762bca0125000000d80d400f\af2177dd762bca0125000000d80d400f Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\af2177dd762bca0125000000d80d400f\af2177dd762bca0125000000d80d400f Found mount point : C:\Windows\winsxs\Temp\af4bf2beb7fec901190000003017000e\af4bf2beb7fec901190000003017000e Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\af4bf2beb7fec901190000003017000e\af4bf2beb7fec901190000003017000e Found mount point : C:\Windows\winsxs\Temp\b099e41bf9f5c90119000000700c8417\b099e41bf9f5c90119000000700c8417 Mount point destination : \Device\__max++>\^ 
Removing mount point : C:\Windows\winsxs\Temp\b099e41bf9f5c90119000000700c8417\b099e41bf9f5c90119000000700c8417 Found mount point : C:\Windows\winsxs\Temp\b12ca835ad47ca0125000000fc04a00f\b12ca835ad47ca0125000000fc04a00f Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\b12ca835ad47ca0125000000fc04a00f\b12ca835ad47ca0125000000fc04a00f Found mount point : C:\Windows\winsxs\Temp\b3cefcdd550fca012500000004083002\b3cefcdd550fca012500000004083002 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\b3cefcdd550fca012500000004083002\b3cefcdd550fca012500000004083002 Found mount point : C:\Windows\winsxs\Temp\b547a1f695f8c901190000003805340a\b547a1f695f8c901190000003805340a Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\b547a1f695f8c901190000003805340a\b547a1f695f8c901190000003805340a Found mount point : C:\Windows\winsxs\Temp\b5610e9a12fec90119000000040f780b\b5610e9a12fec90119000000040f780b Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\b5610e9a12fec90119000000040f780b\b5610e9a12fec90119000000040f780b Found mount point : C:\Windows\winsxs\Temp\c04ed4774ffdc9011900000080110013\c04ed4774ffdc9011900000080110013 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\c04ed4774ffdc9011900000080110013\c04ed4774ffdc9011900000080110013 Found mount point : C:\Windows\winsxs\Temp\c6b1c1ce0a3cca012508000080105412\c6b1c1ce0a3cca012508000080105412 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\c6b1c1ce0a3cca012508000080105412\c6b1c1ce0a3cca012508000080105412 Found mount point : C:\Windows\winsxs\Temp\c83873c7a02fca01250000000005980f\c83873c7a02fca01250000000005980f Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\c83873c7a02fca01250000000005980f\c83873c7a02fca01250000000005980f Found mount point : 
C:\Windows\winsxs\Temp\cdc9bf9d9811ca01250000001c03440b\cdc9bf9d9811ca01250000001c03440b Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\cdc9bf9d9811ca01250000001c03440b\cdc9bf9d9811ca01250000001c03440b Found mount point : C:\Windows\winsxs\Temp\cf67b448cff1c90119000000cc08080e\cf67b448cff1c90119000000cc08080e Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\cf67b448cff1c90119000000cc08080e\cf67b448cff1c90119000000cc08080e Found mount point : C:\Windows\winsxs\Temp\d02b84a9f113ca0125000000e003700e\d02b84a9f113ca0125000000e003700e Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\d02b84a9f113ca0125000000e003700e\d02b84a9f113ca0125000000e003700e Found mount point : C:\Windows\winsxs\Temp\d0527088a1f6c9011900000088060810\d0527088a1f6c9011900000088060810 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\d0527088a1f6c9011900000088060810\d0527088a1f6c9011900000088060810 Found mount point : C:\Windows\winsxs\Temp\d06fa1e3d32cca0125000000280d7808\d06fa1e3d32cca0125000000280d7808 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\d06fa1e3d32cca0125000000280d7808\d06fa1e3d32cca0125000000280d7808 Found mount point : C:\Windows\winsxs\Temp\d094fa533046ca0125000000c0113c16\d094fa533046ca0125000000c0113c16 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\d094fa533046ca0125000000c0113c16\d094fa533046ca0125000000c0113c16 Found mount point : C:\Windows\winsxs\Temp\d420c3e58ef2c90119000000a008d40b\d420c3e58ef2c90119000000a008d40b Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\d420c3e58ef2c90119000000a008d40b\d420c3e58ef2c90119000000a008d40b Found mount point : C:\Windows\winsxs\Temp\d6794306a822ca0125080000e0053c12\d6794306a822ca0125080000e0053c12 Mount point destination : \Device\__max++>\^ 
Removing mount point : C:\Windows\winsxs\Temp\d6794306a822ca0125080000e0053c12\d6794306a822ca0125080000e0053c12 Found mount point : C:\Windows\winsxs\Temp\d6837b56f12dca0125000000c80bd40c\d6837b56f12dca0125000000c80bd40c Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\d6837b56f12dca0125000000c80bd40c\d6837b56f12dca0125000000c80bd40c Found mount point : C:\Windows\winsxs\Temp\dbcaa258193bca0125080000dc170016\dbcaa258193bca0125080000dc170016 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\dbcaa258193bca0125080000dc170016\dbcaa258193bca0125080000dc170016 Found mount point : C:\Windows\winsxs\Temp\e07e101af230ca01b10000001819bc08\e07e101af230ca01b10000001819bc08 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\e07e101af230ca01b10000001819bc08\e07e101af230ca01b10000001819bc08 Found mount point : C:\Windows\winsxs\Temp\ef624a80af3cca01250800007c0b2c0f\ef624a80af3cca01250800007c0b2c0f Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\ef624a80af3cca01250800007c0b2c0f\ef624a80af3cca01250800007c0b2c0f Found mount point : C:\Windows\winsxs\Temp\f050c3123e16ca0125000000e007500e\f050c3123e16ca0125000000e007500e Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\f050c3123e16ca0125000000e007500e\f050c3123e16ca0125000000e007500e Found mount point : C:\Windows\winsxs\Temp\f18f321da22eca0125000000ec161017\f18f321da22eca0125000000ec161017 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\f18f321da22eca0125000000ec161017\f18f321da22eca0125000000ec161017 Found mount point : C:\Windows\winsxs\Temp\f3677b675bf3c90119000000b810d813\f3677b675bf3c90119000000b810d813 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\f3677b675bf3c90119000000b810d813\f3677b675bf3c90119000000b810d813 Found mount point : 
C:\Windows\winsxs\Temp\f3c785b4edeec9011900000030151815\f3c785b4edeec9011900000030151815 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\f3c785b4edeec9011900000030151815\f3c785b4edeec9011900000030151815 Found mount point : C:\Windows\winsxs\Temp\f4638b319540ca0125000000180d200e\f4638b319540ca0125000000180d200e Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\f4638b319540ca0125000000180d200e\f4638b319540ca0125000000180d200e Found mount point : C:\Windows\winsxs\Temp\f641c8a830fcc901190000001410c803\f641c8a830fcc901190000001410c803 Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\f641c8a830fcc901190000001410c803\f641c8a830fcc901190000001410c803 Found mount point : C:\Windows\winsxs\Temp\fed9f554b321ca01250800001c0e740c\fed9f554b321ca01250800001c0e740c Mount point destination : \Device\__max++>\^ Removing mount point : C:\Windows\winsxs\Temp\fed9f554b321ca01250800001c0e740c\fed9f554b321ca01250800001c0e740c Finished! |
#17 (permalink) |
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
Re: Computer badly infected with viruses - PLEASE HELP!
And here is the junction.bat log. Thanks for your help, Ried!
Junction v1.05 - Windows junction creator and reparse point viewer Copyright (C) 2000-2007 Mark Russinovich Systems Internals - http://www.sysinternals.com \\?\c:\\Documents and Settings: JUNCTION Print Name : c:\Users Substitute Name: c:\Users Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process. ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... .. Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe: Access is denied. Failed to open \\?\c:\\Program Files\trend micro\Trevor Bayless.exe: Access is denied. . \\?\c:\\ProgramData\Application Data: JUNCTION Print Name : c:\ProgramData Substitute Name: c:\ProgramData \\?\c:\\ProgramData\Desktop: JUNCTION Print Name : c:\Users\Public\Desktop Substitute Name: c:\Users\Public\Desktop \\?\c:\\ProgramData\Documents: JUNCTION Print Name : c:\Users\Public\Documents Substitute Name: c:\Users\Public\Documents \\?\c:\\ProgramData\Favorites: JUNCTION Print Name : c:\Users\Public\Favorites Substitute Name: c:\Users\Public\Favorites \\?\c:\\ProgramData\Start Menu: JUNCTION Print Name : c:\ProgramData\Microsoft\Windows\Start Menu Substitute Name: c:\ProgramData\Microsoft\Windows\Start Menu \\?\c:\\ProgramData\Templates: JUNCTION Print Name : c:\ProgramData\Microsoft\Windows\Templates Substitute Name: c:\ProgramData\Microsoft\Windows\Templates .. Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9d01204a0294f878ccfc90f86a6d9550_b6f4ef62-bf5c-4674-87cc-43aa9fb14601: Access is denied. . ... ... ... Failed to open \\?\c:\\System Volume Information\MountPointManagerRemoteDatabase: Access is denied. Failed to open \\?\c:\\System Volume Information\{08ed64b2-adf7-11de-a43d-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. 
Failed to open \\?\c:\\System Volume Information\{0e6894be-b1cd-11de-bf87-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{0e6894c4-b1cd-11de-bf87-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{16325e2b-ad91-11de-9738-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{38c93770-a704-11de-b2cb-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{38c93776-a704-11de-b2cb-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{3e66b09e-b2e7-11de-af3f-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{3f57eac3-af83-11de-91ec-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{3f57ead8-af83-11de-91ec-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{3f57eb04-af83-11de-91ec-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{42fffa0b-b3bd-11de-9b15-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{42fffa11-b3bd-11de-9b15-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{42fffa1d-b3bd-11de-9b15-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. Failed to open \\?\c:\\System Volume Information\{503bde23-b37a-11de-9fe8-001eec68662f}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied. 
Failed to open \\?\c:\\Users\Trevor Bayless\Desktop\RSIT.exe: Access is denied.
.
\\?\c:\\Users\Trevor Bayless\Documents\My Music: JUNCTION Print Name : C:\Users\Trevor Bayless\Music Substitute Name: C:\Users\Trevor Bayless\Music
\\?\c:\\Users\Trevor Bayless\Documents\My Pictures: JUNCTION Print Name : C:\Users\Trevor Bayless\Pictures Substitute Name: C:\Users\Trevor Bayless\Pictures
\\?\c:\\Users\Trevor Bayless\Documents\My Videos: JUNCTION Print Name : C:\Users\Trevor Bayless\Videos Substitute Name: C:\Users\Trevor Bayless\Videos
Failed to open \\?\c:\\Users\Trevor Bayless\Downloads\RSIT(2).exe: Access is denied.
Failed to open \\?\c:\\Users\Trevor Bayless\Downloads\RSIT.exe: Access is denied.
..
\\?\c:\\Windows\AppPatch\Custom\Custom: MOUNT POINT Substitute Name: \Device\__max++>\^
...
\\?\c:\\Windows\ehome\CreateDisc\style\style: MOUNT POINT Substitute Name: \Device\__max++>\^
.
\\?\c:\\Windows\Globalization\Globalization: MOUNT POINT Substitute Name: \Device\__max++>\^
.. ..
\\?\c:\\Windows\Microsoft.NET\authman\authman: MOUNT POINT Substitute Name: \Device\__max++>\^
. ...
\\?\c:\\Windows\tracing\tracing: MOUNT POINT Substitute Name: \Device\__max++>\^
|
|
|
|
|
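Added example, not part of the original thread: a Python sketch that triages a reparse-point scan log in the run-together form pasted above, separating ordinary profile junctions from reparse points whose substitute name is not a drive path and from executables the scanner could not open. The function names and the two triage rules are assumptions made for this example; the sample text reuses entries from the log in this thread.

```python
import re

# An entry starts with the \\?\ path prefix, optionally preceded by
# "Failed to open " (the form the log uses for unreadable objects).
ENTRY_START = re.compile(r"(?:Failed to open )?\\\\\?\\")
FAILED = re.compile(
    r"^Failed to open (?P<path>.+): (?P<reason>[^:\\]+?)\.[\s.]*$", re.S)
# Only the three type labels that appear in the log above are recognised.
REPARSE = re.compile(
    r"^(?P<path>.+?): "
    r"(?P<type>JUNCTION|MOUNT POINT|UNKNOWN MICROSOFT REPARSE POINT)"
    r"(?P<rest>.*)$", re.S)
TARGET = re.compile(r"Substitute Name:\s*(?P<target>.*)$", re.S)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Sample input: entries copied from the log in this thread, joined with the
# same spaces and progress dots the pasted text has.
SAMPLE = " ".join([
    r".\\?\c:\\Users\Trevor Bayless\Documents\My Music: JUNCTION Print Name : "
    r"C:\Users\Trevor Bayless\Music Substitute Name: C:\Users\Trevor Bayless\Music",
    r"Failed to open \\?\c:\\Users\Trevor Bayless\Downloads\RSIT(2).exe: Access is denied.",
    r"Failed to open \\?\c:\\Users\Trevor Bayless\Downloads\RSIT.exe: Access is denied.",
    r".. \\?\c:\\Windows\AppPatch\Custom\Custom: MOUNT POINT Substitute Name: \Device\__max++>\^",
    r"... \\?\c:\\Windows\ehome\CreateDisc\style\style: MOUNT POINT Substitute Name: \Device\__max++>\^",
    r".\\?\c:\\Windows\Globalization\Globalization: MOUNT POINT Substitute Name: \Device\__max++>\^ .. ...",
])


def normalize(path):
    """Drop the \\\\?\\ prefix and the doubled backslash after the drive letter."""
    path = path.strip()
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return path.replace(":\\\\", ":\\")


def parse_scan_log(text):
    """Split run-together scan output into one dict per entry."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    entries = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        chunk = text[begin:end].strip()
        m = FAILED.match(chunk)
        if m:
            entries.append({"kind": "denied", "path": normalize(m["path"]),
                            "reason": m["reason"].strip()})
            continue
        m = REPARSE.match(chunk)
        if not m:
            continue  # not a shape this sketch knows; skip rather than guess
        t = TARGET.search(m["rest"])
        # Trailing dots are the scanner's progress ticks, not part of the target.
        target = t["target"].strip(" .\r\n\t") if t else ""
        entries.append({"kind": "reparse", "path": normalize(m["path"]),
                        "type": m["type"], "target": target or None})
    return entries


def self_named(path):
    """True when the last two path components match (e.g. tracing\\tracing)."""
    parts = path.rstrip("\\").split("\\")
    return len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()


def triage(entries):
    """Return (rule, path, detail) tuples for entries worth a closer look."""
    findings = []
    for e in entries:
        if e["kind"] == "reparse" and e["target"] and not DRIVE_PATH.match(e["target"]):
            # Assumed rule: a junction normally resolves to a drive-letter path.
            findings.append(("reparse-target-outside-drive", e["path"], e["target"]))
        elif e["kind"] == "denied" and e["path"].lower().endswith(".exe"):
            # Assumed rule: an executable the scanner cannot open needs its ACL checked.
            findings.append(("executable-unreadable", e["path"], e["reason"]))
    return findings


if __name__ == "__main__":
    for rule, path, detail in triage(parse_scan_log(SAMPLE)):
        print(f"{rule:30} {path}  ({detail})")
```

The paths reported under `reparse-target-outside-drive` are in the same form as the list the batch file writes out later in the thread, so the two can be compared directly.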
#18 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
Here we go...
Download this tool and save it directly to your desktop - not a folder on the desktop - the commands are tailored for the desktop location.

On your keyboard, click the Windows logo key and the letter R to bring up the Run command. Copy/paste the following bolded text into the Run box and click OK:

"%userprofile%\desktop\Inherit.exe" "c:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Repeat the above procedure using the following commands (one at a time):

"%userprofile%\desktop\Inherit.exe" "c:\Program Files\trend micro\Trevor Bayless.exe"
"%userprofile%\desktop\Inherit.exe" "c:\Users\Trevor Bayless\Desktop\RSIT.exe"
"%userprofile%\desktop\Inherit.exe" "c:\Users\Trevor Bayless\Downloads\RSIT(2).exe"
"%userprofile%\desktop\Inherit.exe" "c:\Users\Trevor Bayless\Downloads\RSIT.exe"
"%userprofile%\desktop\Inherit.exe" "c:\Program Files\AVG\AVG8\avgcsrvx.exe"

===========================

Open Notepad and copy/paste the contents in the quote box below, into Notepad.

Quote:

It should look like this:

Double click on fix.bat & allow it to run. Post back and tell me what it says.

Are Spybot and AVG working for you now? Try deleting rsit.exe and let me know if you were able to.

Last edited by Ried; 10-08-2009 at 08:55 PM. |
|
|
|
|
|
#19 (permalink) |
|
HJT Trainee
Join Date: Apr 2009
Location: United States
Posts: 55
OS: Windows XP / Vista / Linux Mint 7
|
Re: Computer badly infected with viruses - PLEASE HELP!
Hello!
Yes! I was successfully able to delete the copy of RSIT.exe that was on my desktop, Spybot S&D works perfectly, and instead of AVG FREE I have Avast, which is also working!

Below is what the fix.bat gave to me in the notepad...I'm not sure if it completed fully? I saw the black administrator screen for about 3 seconds and then it gave me this log file below:

c:\Windows\AppPatch\Custom\Custom
c:\Windows\ehome\CreateDisc\style\style
c:\Windows\Globalization\Globalization
c:\Windows\Microsoft.NET\authman\authman
c:\Windows\tracing\tracing |
|
|
|
|
#20 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista
|
Re: Computer badly infected with viruses - PLEASE HELP!
Let's try this again. On your keyboard, click the Windows logo key and the letter R to bring up the Run command. Copy/paste the following commands, (one at a time) into the Run box and click OK:

"%userprofile%\desktop\Inherit.exe" "c:\Windows\AppPatch\Custom\Custom"
"%userprofile%\desktop\Inherit.exe" "c:\Windows\ehome\CreateDisc\style\style"
"%userprofile%\desktop\Inherit.exe" "c:\Windows\Globalization\Globalization"
"%userprofile%\desktop\Inherit.exe" "c:\Windows\Microsoft.NET\authman\authman"
"%userprofile%\desktop\Inherit.exe" "c:\Windows\tracing\tracing"

========================================

Next, download the attached shyguyfix.zip to your desktop. Double click the zip folder, then right click the shyguyfix.bat and run as administrator. It should only take moments to complete.

Please post back and tell me what it says.

Last edited by Ried; 10-11-2009 at 11:19 PM. |