Affected with W32.gaobot.worm.gen.u [Solved]


  • This topic is locked

#1
bengaluru

    Member
  • 143 posts
Hi

I confirm that I have read the Cleaning Guide and downloaded all the applications; some of them did not run and gave an error. I am unable to post a log because for some reason the log file does not get saved.

My laptop seems to be infected with the worm W32/Gaobot.worm.gen.u and I am trying to get a log file. I run on Windows Vista and I am the only user on my laptop. I downloaded HijackThis and scanned my system.

Please can somebody respond.

#2
bengaluru

    Member

  • Topic Starter
  • 143 posts
Hi guys,

Is there anyone who can help me get rid of this worm? Your help is much appreciated.

#3
bengaluru

    Member

  • Topic Starter
  • 143 posts
Hello guys,

I have been waiting for long and it appears that there is no solution. I will post this in the waiting room and keep waiting.

Thanks

#4
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello bengaluru


I'm Tweene and I'll try to help you.


I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. So please bear with me.
  • Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • Please reply to this thread. Do not start a new topic.
  • As we will likely be using Notepad please check that word wrap is turned off before you start. To do this, open Notepad, choose Format, then make sure Word Wrap is Un-checked. Word Wrap makes reading your log difficult and may prevent fixes using Notepad from working.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and we will go through it together.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • Make sure you reply to this thread using the Add Reply button

Please read this post completely. It may make it easier if you copy and paste my posts to a new text document or print them for reference later. This will especially help you when your computer is offline. You may want to do this following each post for each set of instructions.



Vista Advice:

The operating system in use (Vista, aka Windows 6) comes with an inbuilt utility called User Access Control (UAC). When prompted by this for anything I ask you to carry out, please select the option Allow.

All applications I ask you to use will need to be run in Administrator mode, i.e. right-click on it and select Run as Administrator.

#5
Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hi
  • Please download ad13's win32ksys to your desktop
  • Double click to run it
  • A black window will appear, let this run
  • On completion, a log will appear on your desktop called Win32kDiag.txt. Please post this in your next reply.


#6
bengaluru

    Member

  • Topic Starter
  • 143 posts
Thank you Tweene for your kind help.

Here is the log from W32kdiag.

Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850fMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25fMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053efMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fbMount point destination : \Device\__max++>\^Found mount point : 
C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66ccMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841cMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3dMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00Mount point destination : \Device\__max++>\^Could not open reparse point 
C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdcfa6fa29e6c3\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdcfa6fa29e6c3: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_8143436c134b5473\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_8143436c134b5473: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50e96f74f910b\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50e96f74f910b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414c42105faa15\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414c42105faa15: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a021f2f466921d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a021f2f466921d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852abf080d834b3e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852abf080d834b3e: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\be1ae9d467d31f99e4c451bfdbd8940c\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16700_none_0a3bfb69f525d803\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16700_none_0a3bfb69f525d803: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\be1ae9d467d31f99e4c451bfdbd8940c\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20856_none_0a958a550e669b8c\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20856_none_0a958a550e669b8c: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\be1ae9d467d31f99e4c451bfdbd8940c\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18089_none_0bd4bb63f2852f64\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18089_none_0bd4bb63f2852f64: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\be1ae9d467d31f99e4c451bfdbd8940c\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22201_none_0cacd7250b692215\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22201_none_0cacd7250b692215: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\be1ae9d467d31f99e4c451bfdbd8940c\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16700_none_0a3ffc91f5223d5f\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16700_none_0a3ffc91f5223d5f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\be1ae9d467d31f99e4c451bfdbd8940c\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20856_none_0a998b7d0e6300e8\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20856_none_0a998b7d0e6300e8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\be1ae9d467d31f99e4c451bfdbd8940c\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18089_none_0bd8bc8bf28194c0\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18089_none_0bd8bc8bf28194c0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\be1ae9d467d31f99e4c451bfdbd8940c\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22201_none_0cb0d84d0b658771\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22201_none_0cb0d84d0b658771: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16717_none_a9e15ad3f5abc778\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16717_none_a9e15ad3f5abc778Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20879_none_aa2c18ab0ef84196\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20879_none_aa2c18ab0ef84196Mount point destination : \Device\__max++>\^Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16711_none_ebd662c7164a156d\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16711_none_ebd662c7164a156d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20868_none_ec30f1fc2f89f24d\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20868_none_ec30f1fc2f89f24d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16711_none_b2f30b79d9aa8cd1\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16711_none_b2f30b79d9aa8cd1: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20868_none_b34d9aaef2ea69b1\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20868_none_b34d9aaef2ea69b1: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_b48acb29d70acadb\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_b48acb29d70acadb: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22212_none_b563e734efedd6e3\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22212_none_b563e734efedd6e3: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16711_none_ded59a427f534c40\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16711_none_ded59a427f534c40: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20868_none_df30297798932920\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20868_none_df30297798932920: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18099_none_e06d59f27cb38a4a\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18099_none_e06d59f27cb38a4a: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22212_none_e14675fd95969652\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22212_none_e14675fd95969652: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16711_none_8d4999ae54b931f5\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16711_none_8d4999ae54b931f5: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20868_none_8da428e36df90ed5\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20868_none_8da428e36df90ed5: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16711_none_f9a209f56e9f2db7\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16711_none_f9a209f56e9f2db7: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20868_none_f9fc992a87df0a97\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20868_none_f9fc992a87df0a97: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16711_none_95d642ad8484b3e5\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16711_none_95d642ad8484b3e5: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20868_none_9630d1e29dc490c5\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20868_none_9630d1e29dc490c5: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16711_none_4638dd0546456672\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16711_none_4638dd0546456672Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20868_none_46936c3a5f854352\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20868_none_46936c3a5f854352Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16711_none_1153063a250a1c9a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16711_none_1153063a250a1c9aMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20868_none_11ad956f3e49f97a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20868_none_11ad956f3e49f97aMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18099_none_12eac5ea226a5aa4\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18099_none_12eac5ea226a5aa4Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22212_none_13c3e1f53b4d66ac\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22212_none_13c3e1f53b4d66acMount point destination : \Device\__max++>\^Found mount point : 
C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16711_none_58ab7304671ea8a3\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16711_none_58ab7304671ea8a3Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20868_none_59060239805e8583\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20868_none_59060239805e8583Mount point destination : \Device\__max++>\^Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16711_none_c3e0a8c26159eaec\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16711_none_c3e0a8c26159eaecMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20868_none_c43b37f77a99c7cc\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20868_none_c43b37f77a99c7ccMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16711_none_2a05bf326809c049\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16711_none_2a05bf326809c049Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20868_none_2a604e6781499d29\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20868_none_2a604e6781499d29Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16711_none_62b2603db0ffaac7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16711_none_62b2603db0ffaac7Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20868_none_630cef72ca3f87a7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20868_none_630cef72ca3f87a7Mount point destination : \Device\__max++>\^Found mount point : 
C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18099_none_644a1fedae5fe8d1\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18099_none_644a1fedae5fe8d1Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22212_none_65233bf8c742f4d9\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22212_none_65233bf8c742f4d9Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16711_none_e6abccbc9482feff\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16711_none_e6abccbc9482feffMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20868_none_e7065bf1adc2dbdf\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20868_none_e7065bf1adc2dbdfMount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16711_none_0b5401d8d6fdbeb1\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16711_none_0b5401d8d6fdbeb1Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\Download\fc97889c0e66e950971fb8d6b495c2d7\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20868_none_0bae910df03d9b91\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20868_none_0bae910df03d9b91Mount point destination : \Device\__max++>\^Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCacheMount point destination : \Device\__max++>\^Found mount point : 
C:\Windows\SoftwareDistribution\ScanFile\ScanFileMount point destination : \Device\__max++>\^Cannot access: C:\Windows\System32\cngaudit.dll[1] 2006-11-02 05:46:03 61952 C:\Windows\System32\cngaudit.dll ()
  • 0
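Win32kDiag logs like the ones posted in this thread repeat three kinds of entry: "Found mount point" with its "Mount point destination", "Could not open reparse point" with an error number, and "Cannot access". The Python sketch below is an added example (not part of the thread and not Win32kDiag's own code) that tallies those entries and groups mount points by destination, also when the entries are run together as they are when pasted into a post. The sample paths are constructed placeholders, and treating a destination that does not start with `\??\` as unusual is an assumption of this example.

```python
import re
from collections import Counter

# Entry prefixes as they appear in the log posted in this thread.
MARKERS = (
    "Found mount point : ",
    "Mount point destination : ",
    "Could not open reparse point ",
    "Cannot access: ",
)
_SPLIT = re.compile("(" + "|".join(re.escape(m) for m in MARKERS) + ")")

# Constructed sample: placeholder paths, one entry per line. The destination
# string is the one shown in the posted log.
SAMPLE_LOG = r"""
Found mount point : C:\Windows\SoftwareDistribution\Download\EXAMPLE1\pkg_a
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\Download\EXAMPLE1\pkg_b
Mount point destination : \Device\__max++>\^
Could not open reparse point C:\Windows\SoftwareDistribution\Download\EXAMPLE2\pkg_c: 3
Found mount point : C:\Windows\SoftwareDistribution\ScanFile\ScanFile
Mount point destination : \Device\__max++>\^
Cannot access: C:\Windows\System32\example.dll
"""


def parse_win32kdiag(text):
    """Split a log into its entries, whether or not line breaks survived."""
    report = {"mount_points": [], "unopened": [], "inaccessible": []}
    pending = None  # mount point path still waiting for its destination
    parts = _SPLIT.split(text)
    # parts = [preamble, marker, value, marker, value, ...]
    for marker, value in zip(parts[1::2], parts[2::2]):
        value = value.strip()
        if marker == MARKERS[0]:
            if pending is not None:  # previous entry had no destination
                report["mount_points"].append((pending, None))
            pending = value
        elif marker == MARKERS[1]:
            report["mount_points"].append((pending, value))
            pending = None
        elif marker == MARKERS[2]:
            # "<path>: <error number>"; the drive colon is followed by a
            # backslash, so the last ": " separates the error number.
            path, _, code = value.rpartition(": ")
            if code.isdigit():
                report["unopened"].append((path, int(code)))
            else:
                report["unopened"].append((value, None))
        else:
            lines = value.splitlines()
            report["inaccessible"].append(lines[0] if lines else "")
    if pending is not None:
        report["mount_points"].append((pending, None))
    return report


def destination_counts(report):
    """How many mount points resolve to each destination."""
    return Counter(dest for _, dest in report["mount_points"])


def unexpected_destinations(report):
    """Destinations that are not in the usual \\??\\ form (assumption of
    this example: ordinary junctions and volume mount points use it)."""
    return sorted(
        dest for dest in destination_counts(report)
        if dest is not None and not dest.startswith("\\??\\")
    )


if __name__ == "__main__":
    rep = parse_win32kdiag(SAMPLE_LOG)
    for dest, n in destination_counts(rep).most_common():
        print(f"{n:4d} mount point(s) -> {dest}")
    print("reparse points that could not be opened:", len(rep["unopened"]))
    print("files that could not be accessed:", len(rep["inaccessible"]))
    print("unexpected destinations:", unexpected_destinations(rep))
```

Many directories all resolving to one destination outside the `\??\` form is the pattern worth handing to the helper, together with the full log.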

#7
bengaluru

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Hello Tweene,

I have been reading on the Internet and all the symptoms tell me that I might be affected with a rootkit.

Thanks once again for all your help.
  • 0

#8
Tweene

Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello


You may be right :)

As we will likely be using Notepad please check that word wrap is turned off before you start. To do this, open Notepad, choose Format, then make sure Word Wrap is Un-checked. Word Wrap makes reading your log difficult and may prevent fixes using Notepad from working.


Your log is incomplete. If you can't post it in one post, you can attach it ... or if it is too large to attach then upload to Mediafire and post the sharing link.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#9
bengaluru

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Attached File  Win32kDiag.txt   53.25KB   155 downloads

I ran the W32Diag.exe once again, but the log is no different. This is the complete log and I have attached the txt file.

Thanks for your help.
  • 0

#10
Tweene

Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
Hello


Please remember : "All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator."


Step 1

I've noticed that Win32kdiag is not on your desktop, please delete it and download it again to your desktop.


Step 2

We'll try running win32kdiag from command line

Click on Start->Run, and copy/paste the contents of the code below into the "Open" box

"%userprofile%\desktop\win32kdiag.exe" -f -r

Click OK.
When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Step 3

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.


Step 4

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall
  • This should fix your search engine redirects. Please restart your PC, check how it's running and if there are any more redirects.


Step 5

Please post the following logs in your next reply :
- the win32kdiag from the second step
- the avenger log from the third step
- the combofix log from the fourth step
  • 0

#11
bengaluru

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Thanks Tweene. I will follow your instructions and post the results. But I noticed that I do not have the Run option under Start. How do I paste the contents of the code below into the "Open" box?
  • 0

#12
Tweene

Tweene

    Trusted Helper

  • Malware Removal
  • 1,387 posts
To the left of the "space bar" you have the Windows button

Try this : Press the Windows and R buttons

The "Run" window should open.


http://www.vista4beg...-the-Run-button
  • 0

#13
bengaluru

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts

Hello


Please remember : "All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator."


Step 1

I've noticed that Win32kdiag is not on your desktop, please delete it and download it again to your desktop.


Step 2

We'll try running win32kdiag from command line

Click on Start->Run, and copy/paste the contents of the code below into the "Open" box

"%userprofile%\desktop\win32kdiag.exe" -f -r

Click OK.
When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Hello Tweene,

How long should I wait for the W32diag to run? Because it stops at "Attempting to restore permissions". I have attached the log file here.

Attached File  Win32kDiag.txt   20.41KB   152 downloads

I will attach the other files in the next post.
  • 0

#14
bengaluru

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
Hi Tweene,

This is the log from Avenger

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
  • 0

#15
bengaluru

bengaluru

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 143 posts
My combo-fix has completed running and here is the Log report

Attached File  combofix.txt   46.15KB   190 downloads

Edited by bengaluru, 28 September 2009 - 08:53 PM.

  • 0





