[nicko.custom]

Hello, like i wrote i have a really bad virus ,,the worst one yet . It will not start unless in safe mode and in safe mode it blue screened a couple of times ,, i have run scan after scan and the virus will stop the scan halfway in and close the program i have tried many times with my eset and a new malware/spyware program, i also tried combofix and it would not even open those programs at all. I am having a hard time since 27 hours ago please help if you can

[Advertisements]

Hello nicko.custom

Welcome to G2Go.
=====================
Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

[kahdah]

Hello nicko.custom

Welcome to G2Go.
=====================
Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

[nicko.custom]

Hey its nicko.custom here hope this is what you were asking about,


Running from: C:\Users\Ivabiggin\Desktop\Win32kDiag.exe

Log file at : C:\Users\Ivabiggin\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp\ZAP5C42.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\bthservsdp.dat

[1] 2009-09-13 07:50:27 12 C:\Windows\bthservsdp.dat ()



Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581\8.0.50727\8.0.50727

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\3569BFDAC44FC064FB8581C95C25FDEF\2.2.0\2.2.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A2100000030\8.1.2\8.1.2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D64F86DB28A84664E8868FC755DBFE4D\9.0.4035\9.0.4035

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Options\CABS\CABS

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Options\Install\Install

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Crypto\Keys\Keys

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.16868_none_05136bbbd8da5cfa\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.16868_none_05136bbbd8da5cfa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.21065_none_0599dfcaf1fae401\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.21065_none_0599dfcaf1fae401: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18270_none_06e6d825d6103f24\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18270_none_06e6d825d6103f24: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.22447_none_0797e8a0ef0f39a3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.22447_none_0797e8a0ef0f39a3: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.18049_none_08f6be51d31621ab\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.18049_none_08f6be51d31621ab: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.22150_none_096c8896ec43f957\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.22150_none_096c8896ec43f957: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.22181_none_d867f28696ca3d06\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.22181_none_d867f28696ca3d06

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\cc9db45d4d7a49bee9efe23f364bf80b\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18795_none_656cbc830d360ee8\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18795_none_656cbc830d360ee8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\cc9db45d4d7a49bee9efe23f364bf80b\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.22886_none_66022984264aac18\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.22886_none_66022984264aac18: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB960089_ENU\hotfixas\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB960089_ENU\hotfixdts\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB960089_ENU\hotfixns\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB960089_ENU\hotfixrs\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB960089_ENU\hotfixsql\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SQL9_KB960089_ENU\hotfixtools\files\files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\0409\0409

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Branding\en-US\en-US

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\catroot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\cngaudit.dll

[1] 2006-11-02 19:46:03 61952 C:\Windows\System32\cngaudit.dll ()

[2] 2006-11-02 19:46:03 11776 C:\Windows\System32\logevent.dll (Microsoft Corporation)

[1] 2006-11-02 19:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll (Microsoft Corporation)



Found mount point : C:\Windows\System32\com\dmp\dmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\Journal\Journal

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\IdentityCRL\production\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Silverlight\Silverlight

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\1

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\10

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\12

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\13

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\17

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\18

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\19

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\20

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\21

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\22

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\23

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\27

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\29

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\30

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\34

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\36

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\40

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\41

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\43

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\44

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\46

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\49

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\51

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\53

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\55

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\56

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\58

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\60

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\63

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\8

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\9

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host\host

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin\muffin

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\GroupPolicy\GroupPolicy

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\GroupPolicyUsers\GroupPolicyUsers

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-09-14 10:48:06 56800 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-09-14 10:49:58 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-09-14 10:50:30 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-09-14 10:50:29 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Found mount point : C:\Windows\System32\Macromed\Director\Director

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Macromed\Shockwave 8\Shockwave 8

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\MUI\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\setup\en-US\en-US

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\SMI\Manifests\Manifests

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\spool\drivers\IA64\IA64

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\spool\drivers\x64\x64

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\spool\SERVERS\SERVERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter\SyncCenter

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar\WindowsCalendar

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\wbem\MOF\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\wbem\MOF\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\WCN\de-DE\de-DE

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\WCN\es-ES\es-ES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\WCN\fr-FR\fr-FR

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\WCN\ja-JP\ja-JP

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\WerFault.exe

[1] 2009-04-11 16:28:11 217088 C:\Windows\System32\WerFault.exe ()

[1] 2008-01-21 12:24:06 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe (Microsoft Corporation)

[1] 2008-01-21 12:24:06 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe (Microsoft Corporation)

[1] 2008-09-20 14:00:16 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe (Microsoft Corporation)

[1] 2009-04-11 16:28:11 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6002.18005_none_71f295ae39eb1c85\WerFault.exe ()



Found mount point : C:\Windows\System32\winevt\TraceFormat\TraceFormat

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\_isTmp_{8675309}\_isTmp_{8675309}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6002.18005_none_71f295ae39eb1c85\WerFault.exe

[1] 2009-04-11 16:28:11 217088 C:\Windows\System32\WerFault.exe ()

[1] 2008-01-21 12:24:06 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe (Microsoft Corporation)

[1] 2008-01-21 12:24:06 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe (Microsoft Corporation)

[1] 2008-09-20 14:00:16 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe (Microsoft Corporation)

[1] 2009-04-11 16:28:11 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6002.18005_none_71f295ae39eb1c85\WerFault.exe ()





Finished!

Thanks

[kahdah]

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[nicko.custom]

ok i cant get combo fix to work...
starts to load then dissapears then nothin happens, eset isnt running i dont think and i have malwarebytes' antimalware but cant get it to run a cycle either...???
thanks for the help, this is drivin me crazy

[kahdah]

First download the attached .zip file then right click on it and extract it to C:\.
[attachment=34227:clean_copy.zip]
Then do the following.
==============
1. Please download The Avenger2 by Swandog46 to your Desktop.

• Right click on the Avenger.zip folder and select "Extract All..."
• Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\cngaudit.dll | C:\Windows\system32\cngaudit.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

• Right click on the window under Input script here:, and select Paste.
• You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
• Click on Execute
• Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.
========================================
Then Download Combofix from any of the links below. You must rename it before saving it. Rename it to kahdah then save it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------

Double click on kahdah.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt

[nicko.custom]

heres the log file
but i still cant seem to get combofix to get past the begining progress screen it always just disapears

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\clean copy\cngaudit.dll" for move operation
File move operation "C:\clean copy\cngaudit.dll|C:\Windows\system32\cngaudit.dll" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.

[nicko.custom]

not sure if i mentioned, i can only boot up in safe mode. so would this be why i cannot sucessfully run malware or combofix

[kahdah]

I have edited the steps it didn't work because it dropped the file on the c:\ drive and the program didn't see it.
Please do the same steps again from this post.
http://www.geekstogo...s...t&p=1640451

[nicko.custom]

AWESOME got it 2 happen and im in my normal account

now,first of all here is the avenger2 log



Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\cngaudit.dll|C:\Windows\system32\cngaudit.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.






now for the combofix log




ComboFix 09-09-13.05 - Ivabiggin 14/09/2009 23:31.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3068.1707 [GMT 10:00]
Running from: c:\users\Ivabiggin\Desktop\kahdah.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1987498244-4101223205-2021317869-500
c:\$recycle.bin\S-1-5-21-2038490712-1044043410-72732685-500
c:\program files\Norton2009Reset.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\System Security
c:\programdata\Microsoft\Windows\Start Menu\Programs\System Security\System Security 2009 Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\System Security\System Security 2009.lnk
c:\users\Ivabiggin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security
c:\users\Ivabiggin\Desktop\System Security 2009.lnk
c:\windows\Installer\44a2a.msi
c:\windows\msa.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_.norton2009Reset


((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))
.

2009-09-14 13:36 . 2009-09-14 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-13 13:49 . 2009-09-13 13:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-12 15:50 . 2009-08-03 03:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 15:50 . 2009-09-14 07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 15:50 . 2009-08-03 03:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-12 13:07 . 2009-09-12 13:07 -------- d-----w- c:\users\Ivabiggin\AppData\Roaming\Malwarebytes
2009-09-12 13:07 . 2009-09-12 13:07 -------- d-----w- c:\programdata\Malwarebytes
2009-09-09 07:20 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-04 03:40 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-04 03:40 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-29 05:56 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 13:40 . 2008-12-31 12:07 -------- d-----w- c:\users\Ivabiggin\AppData\Roaming\DNA
2009-09-14 13:39 . 2008-07-22 13:30 49827 ----a-w- c:\programdata\nvModes.dat
2009-09-14 13:37 . 2008-06-25 06:54 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-14 13:31 . 2008-12-29 11:54 -------- d-----w- c:\users\Ivabiggin\AppData\Roaming\Skype
2009-09-14 13:28 . 2008-12-29 11:59 -------- d-----w- c:\users\Ivabiggin\AppData\Roaming\skypePM
2009-09-14 01:58 . 2009-02-15 13:18 1356 ----a-w- c:\users\Ivabiggin\AppData\Local\d3d9caps.dat
2009-09-09 08:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 08:40 . 2009-06-30 03:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 08:40 . 2008-06-25 07:57 -------- d-----w- c:\programdata\Microsoft Help
2009-09-07 14:18 . 2009-02-08 01:56 -------- d-----w- c:\users\Ivabiggin\AppData\Roaming\uTorrent
2009-08-14 16:27 . 2009-09-09 07:21 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 07:21 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 07:21 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 07:21 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 07:21 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 07:21 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 07:21 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 07:21 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 07:21 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 07:21 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 07:21 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-06 00:07 . 2008-06-25 09:02 -------- d-----w- c:\program files\Java
2009-08-03 05:07 . 2009-08-03 05:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 05:07 . 2009-08-03 05:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 05:07 . 2009-08-03 05:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-24 19:23 . 2009-01-26 12:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 08:34 . 2009-07-10 05:35 -------- d-----w- c:\programdata\Ahead
2009-07-22 08:34 . 2009-07-10 05:04 -------- d-----w- c:\users\Ivabiggin\AppData\Roaming\Ahead
2009-07-21 21:52 . 2009-07-29 11:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 14:11 . 2009-07-19 14:11 -------- d-----w- c:\program files\LSI SoftModem
2009-07-19 14:11 . 2009-07-19 14:11 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-19 14:08 . 2009-07-19 14:08 -------- d-----w- c:\program files\Microsoft
2009-07-17 13:54 . 2009-08-12 08:59 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 09:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 09:04 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 09:04 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 09:04 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 07:21 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 07:21 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 07:21 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 07:21 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 07:21 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-06-26 12:55 . 2009-06-26 12:55 66080 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2009-06-26 12:54 . 2009-06-26 12:54 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2009-06-26 12:54 . 2009-06-26 12:54 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2009-06-24 12:07 . 2008-05-14 02:09 151552 ----a-w- c:\windows\system32\nvcohda.dll
2009-06-24 12:07 . 2009-06-24 12:07 485920 ----a-w- c:\windows\system32\nvuhda.exe
2009-06-24 12:07 . 2008-07-22 13:03 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-17 14:28 . 2009-06-17 09:13 531 ----a-w- c:\windows\eReg.dat
2009-06-17 13:35 . 2009-06-17 13:35 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2008-06-25 05:45 . 2008-06-25 05:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 06:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-29 171448]
"BitTorrent DNA"="c:\users\Ivabiggin\Program Files\DNA\btdna.exe" [2009-01-01 342848]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 217088]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-09-11 2248704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-15 75008]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 774168]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-11-10 1980200]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-17 727592]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-16 696320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):25,02,ce,a2,51,01,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0AEEE84A-0966-4E78-BDB9-C69C6DE1F5F5}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9E88283F-4EA0-4749-B671-C527381642C5}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{644E6AC4-22C6-4C89-8F18-A9EC36344540}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{373E24BD-F071-4829-B89A-A4A836741BBB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{919D730F-73A8-4AC0-8A33-652FA1800352}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{129CF23B-0D72-4BD2-887D-79C571F5C7B2}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{C46BC753-DD64-44A7-A246-0996C2FC03AB}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{F9BD7C32-9014-4C12-95F4-1C5AE776C0AC}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{F1A6C2BC-BBE4-4471-9A87-D5230A38C877}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [10/11/2008 2:34 PM 104456]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_04e021df\AEstSrv.exe [22/07/2008 11:06 PM 73728]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 4:50 PM 30312]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [10/11/2008 2:34 PM 711240]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [10/11/2008 2:34 PM 36360]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19/03/2008 9:24 AM 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [25/06/2008 6:58 PM 361808]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 4:28 PM 1533808]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\System32\drivers\AVerBDA716x.sys [22/07/2008 11:04 PM 934912]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/06/2008 5:30 PM 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 11:23 PM 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [17/07/2008 12:37 PM 97936]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 3:40 PM 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26/06/2009 10:55 PM 66080]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [27/12/2008 1:27 PM 7168]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 9:31 PM 29263712]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\System32\drivers\ZTEusbnet.sys [13/10/2008 5:49 AM 110080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Ivabiggin\AppData\Roaming\Mozilla\Firefox\Profiles\osvfjxlb.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Ivabiggin\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-02777301 - c:\programdata\02777301\02777301.exe
HKLM-Run-97783006 - c:\programdata\97783006\97783006.exe
HKLM-Run-{90BF8224-CD63-4081-A4C7-EF9A2CF6596F} - c:\programdata\97783006\97783006.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5340)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\ehsched.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-09-14 23:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-14 13:44

Pre-Run: 191,192,584,192 bytes free
Post-Run: 193,839,591,424 bytes free

270 --- E O F --- 2009-09-11 14:52




THANKS AGAIN FOR THE HELP

speak again soon

[nicko.custom]

Was that all i needed to do or is there still a problem ?
Thanks

[kahdah]

First: Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

• Click on the update tab then click on Check for updates.
• If an update is found, it will download and install the latest version.
• Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=====
Second: Online Scanner
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

• The program will install and then begin downloading the latest definition files.
• After the files have been downloaded on the left side of the page in the Scan section select My Computer
• This will start the program and scan your system.
• The scan will take a while, so be patient and let it run.
• Once the scan is complete, click on View scan report
• Now, click on the Save Report as button.
• Save the file to your desktop.
• Copy and paste that information in your next post.