Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser redirects, stops any anti-malware program then disable use.


  • Please log in to reply

#1
Sonnung

Sonnung

    New Member

  • Member
  • Pip
  • 5 posts
I've somehow managed to get a nasty piece of malware that redirects my internet browsers every so often and always redirects any search link from websites such as Yahoo or Google. I've run multiple programs(Malware Bytes, Spybot Search & Destroy, AVG, Trend Micro Housecall, Combo Fix, Avast) and the malware stops the process and close the program, then it prevents me from being able to run the programs(an error saying that I don't have the appropriate priveleges) again unless I reinstall them. I've already made a log with Win32kDiag.

Running from: C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP107.tmp\ZAP107.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EE.tmp\ZAP1EE.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\nvcpl\nvcpl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe


  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Sonnung

Welcome to G2Go. :)
=====================
Please delete the Win32kDiag log then do the following:

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r
  • 0

#3
Sonnung

Sonnung

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
This is the new log.

Running from: C:\Documents and Settings\HP_Administrator\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP107.tmp\ZAP107.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP107.tmp\ZAP107.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EE.tmp\ZAP1EE.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EE.tmp\ZAP1EE.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\Help\nvcpl\nvcpl

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\nvcpl\nvcpl

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\setup.pss\setup.pss

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\40fc5c00ee89ac515590995374843d78\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\40fc5c00ee89ac515590995374843d78\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\50d0c9ff929a7477233edd0771ffdb01\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\50d0c9ff929a7477233edd0771ffdb01\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\526e15b6e1b5300357490c8089b5f84e\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\526e15b6e1b5300357490c8089b5f84e\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6b5f9b6e24a379bdb34ad3589556de3e\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6b5f9b6e24a379bdb34ad3589556de3e\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8a37f70e90784c333642cb76a8881df8\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\8a37f70e90784c333642cb76a8881df8\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\991099a35378d98f420ab4028323ec84\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\991099a35378d98f420ab4028323ec84\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a4a9ccd1806461c53ce89bdd6f4591bf\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\a4a9ccd1806461c53ce89bdd6f4591bf\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d378d94379aa314a2f8a03df7faef1bc\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d378d94379aa314a2f8a03df7faef1bc\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\e7d26e5776f9930c6ad9dff351940707\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\e7d26e5776f9930c6ad9dff351940707\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\ee52836d5c671146809a1dc54498be1f\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\ee52836d5c671146809a1dc54498be1f\download\download

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3831031948-2026046519-1659956988-1007\S-1-5-21-3831031948-2026046519-1659956988-1007

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3831031948-2026046519-1659956988-1007\S-1-5-21-3831031948-2026046519-1659956988-1007

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Rhapsody\Rhapsody

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Rhapsody\Rhapsody

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\temp

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\directx\directx

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\directx\directx

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\drivers\drivers

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\drivers\drivers

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\help\help

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\help\help

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\inf\inf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\inf\inf

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\sysbckup\sysbckup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\sysbckup\sysbckup

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\system\system

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\system\system

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll


  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Was that it,it appears to be incomplete.
If there is more please post the rest.
  • 0

#5
Sonnung

Sonnung

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Huh. Sorry about that, not sure why I didn't get it all the first time.

Running from: C:\Documents and Settings\HP_Administrator\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP107.tmp\ZAP107.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP107.tmp\ZAP107.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EE.tmp\ZAP1EE.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EE.tmp\ZAP1EE.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\Help\nvcpl\nvcpl

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\nvcpl\nvcpl

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\setup.pss\setup.pss

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\40fc5c00ee89ac515590995374843d78\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\40fc5c00ee89ac515590995374843d78\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\50d0c9ff929a7477233edd0771ffdb01\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\50d0c9ff929a7477233edd0771ffdb01\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\526e15b6e1b5300357490c8089b5f84e\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\526e15b6e1b5300357490c8089b5f84e\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6b5f9b6e24a379bdb34ad3589556de3e\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6b5f9b6e24a379bdb34ad3589556de3e\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\881d7070640a4412a784782616794afa\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\8a37f70e90784c333642cb76a8881df8\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\8a37f70e90784c333642cb76a8881df8\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\991099a35378d98f420ab4028323ec84\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\991099a35378d98f420ab4028323ec84\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a4a9ccd1806461c53ce89bdd6f4591bf\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\a4a9ccd1806461c53ce89bdd6f4591bf\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\ca6c24ab62fe8433c5d63bb11a2e5a2c\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cfb5c33fcc73ed7dcd60250b085691a5\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d378d94379aa314a2f8a03df7faef1bc\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d378d94379aa314a2f8a03df7faef1bc\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\e7d26e5776f9930c6ad9dff351940707\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\e7d26e5776f9930c6ad9dff351940707\download\download

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\ee52836d5c671146809a1dc54498be1f\download\download

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\ee52836d5c671146809a1dc54498be1f\download\download

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3831031948-2026046519-1659956988-1007\S-1-5-21-3831031948-2026046519-1659956988-1007

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-3831031948-2026046519-1659956988-1007\S-1-5-21-3831031948-2026046519-1659956988-1007

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Rhapsody\Rhapsody

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Rhapsody\Rhapsody

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Money\15.0\Webcache\Webcache

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\temp\temp

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\directx\directx

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\directx\directx

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\drivers\drivers

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\drivers\drivers

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\help\help

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\help\help

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\inf\inf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\inf\inf

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\sysbckup\sysbckup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\sysbckup\sysbckup

Found mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\system\system

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\DirectX\DX42.tmp\system\system

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 62976 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Found mount point : C:\WINDOWS\system32\Lang\Lang

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Lang\Lang

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\system32\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Temp\Temp

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\Temp\_avast4_\_avast4_

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\_avast4_\_avast4_

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp



Finished!


  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
========================================
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
Sonnung

Sonnung

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Okay... So far, I haven't been able to successfully run Combofix out of four or five attempts. I did get a quick scan out of Malware Bytes, but my system halts whenever I run any anti-virus now. They'll get so far, then everything slows down and then eventually just freezes altogether. Avenger, at least, ran properly. Also, whenever I try Combofix, my system always seems to freeze when it gets around step 32 or 33, I have no idea if that's significant or not, or useful information.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok please do the following then:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP