Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Request for Assistance - Rootkit Problem


  • This topic is locked This topic is locked
14 replies to this topic

#1 Dave1954

Dave1954

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 24 September 2009 - 02:04 PM

Windows XP Service Pack 3. I can't run anti-malware programs. When I execute the scan the screen disappears. Going back into the anti-malware program produces a permissions message. After reviewing some of the threads, I found win32k.sys:1 and :2 in the windows directory with sizes 20480 and 61440.

BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:15 PM

Posted 24 September 2009 - 04:35 PM

Hi, Dave1954 :(

Welcome.

Please follow these steps:

Step 1

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, including the quotation marks, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here. Please allow enough time for this application to complete the scan. If the word finished is not at the end of the report, the application has not finished.

"%userprofile%\desktop\win32kdiag.exe" -f -r


Step 2

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" .
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Dave1954

Dave1954
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 24 September 2009 - 06:42 PM

STEP 1 - Win32kDiag.txt Working on Step 2

Running from: C:\Documents and Settings\David\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\David\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046

Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Found mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB942615\KB942615

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB944533\KB944533

Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16B1.tmp\ZAP16B1.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16B1.tmp\ZAP16B1.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP18E8.tmp\ZAP18E8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP18E8.tmp\ZAP18E8.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP276.tmp\ZAP276.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP276.tmp\ZAP276.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\18555481990E8AB4CBB63FB4F26006C0\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\18555481990E8AB4CBB63FB4F26006C0\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f49cda1898bcf48b982dace6ad0aeca3\f49cda1898bcf48b982dace6ad0aeca3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\f49cda1898bcf48b982dace6ad0aeca3\f49cda1898bcf48b982dace6ad0aeca3

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 07:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 20:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

[1] 2004-08-04 07:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Cannot access: C:\WINDOWS\Temp\hsperfdata_SYSTEM\3356

Attempting to restore permissions of : C:\WINDOWS\Temp\hsperfdata_SYSTEM\3356

Found mount point : C:\WINDOWS\Temp\MCE00000\MCE00000

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00000\MCE00000

Found mount point : C:\WINDOWS\Temp\MCE00001\MCE00001

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00001\MCE00001

Found mount point : C:\WINDOWS\Temp\MCE00002\MCE00002

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00002\MCE00002

Found mount point : C:\WINDOWS\Temp\MCE00003\MCE00003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00003\MCE00003

Found mount point : C:\WINDOWS\Temp\MCE00004\MCE00004

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00004\MCE00004

Found mount point : C:\WINDOWS\Temp\MCE00005\MCE00005

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00005\MCE00005

Found mount point : C:\WINDOWS\Temp\MCE00006\MCE00006

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00006\MCE00006

Found mount point : C:\WINDOWS\Temp\MCE00007\MCE00007

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00007\MCE00007

Found mount point : C:\WINDOWS\Temp\MCE00008\MCE00008

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00008\MCE00008

Found mount point : C:\WINDOWS\Temp\MCE00009\MCE00009

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00009\MCE00009

Found mount point : C:\WINDOWS\Temp\MCE0000a\MCE0000a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0000a\MCE0000a

Found mount point : C:\WINDOWS\Temp\MCE0000b\MCE0000b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0000b\MCE0000b

Found mount point : C:\WINDOWS\Temp\MCE0000c\MCE0000c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0000c\MCE0000c

Found mount point : C:\WINDOWS\Temp\MCE0000d\MCE0000d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0000d\MCE0000d

Found mount point : C:\WINDOWS\Temp\MCE0000e\MCE0000e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0000e\MCE0000e

Found mount point : C:\WINDOWS\Temp\MCE0000f\MCE0000f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0000f\MCE0000f

Found mount point : C:\WINDOWS\Temp\MCE00010\MCE00010

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00010\MCE00010

Found mount point : C:\WINDOWS\Temp\MCE00011\MCE00011

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00011\MCE00011

Found mount point : C:\WINDOWS\Temp\MCE00012\MCE00012

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00012\MCE00012

Found mount point : C:\WINDOWS\Temp\MCE00013\MCE00013

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00013\MCE00013

Found mount point : C:\WINDOWS\Temp\MCE00014\MCE00014

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00014\MCE00014

Found mount point : C:\WINDOWS\Temp\MCE00015\MCE00015

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00015\MCE00015

Found mount point : C:\WINDOWS\Temp\MCE00016\MCE00016

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00016\MCE00016

Found mount point : C:\WINDOWS\Temp\MCE00017\MCE00017

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00017\MCE00017

Found mount point : C:\WINDOWS\Temp\MCE00018\MCE00018

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00018\MCE00018

Found mount point : C:\WINDOWS\Temp\MCE00019\MCE00019

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00019\MCE00019

Found mount point : C:\WINDOWS\Temp\MCE0001a\MCE0001a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0001a\MCE0001a

Found mount point : C:\WINDOWS\Temp\MCE0001b\MCE0001b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0001b\MCE0001b

Found mount point : C:\WINDOWS\Temp\MCE0001c\MCE0001c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0001c\MCE0001c

Found mount point : C:\WINDOWS\Temp\MCE0001d\MCE0001d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0001d\MCE0001d

Found mount point : C:\WINDOWS\Temp\MCE0001e\MCE0001e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0001e\MCE0001e

Found mount point : C:\WINDOWS\Temp\MCE0001f\MCE0001f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0001f\MCE0001f

Found mount point : C:\WINDOWS\Temp\MCE00020\MCE00020

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00020\MCE00020

Found mount point : C:\WINDOWS\Temp\MCE00021\MCE00021

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00021\MCE00021

Found mount point : C:\WINDOWS\Temp\MCE00022\MCE00022

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00022\MCE00022

Found mount point : C:\WINDOWS\Temp\MCE00023\MCE00023

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00023\MCE00023

Found mount point : C:\WINDOWS\Temp\MCE00024\MCE00024

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00024\MCE00024

Found mount point : C:\WINDOWS\Temp\MCE00025\MCE00025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00025\MCE00025

Found mount point : C:\WINDOWS\Temp\MCE00026\MCE00026

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00026\MCE00026

Found mount point : C:\WINDOWS\Temp\MCE00027\MCE00027

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00027\MCE00027

Found mount point : C:\WINDOWS\Temp\MCE00028\MCE00028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00028\MCE00028

Found mount point : C:\WINDOWS\Temp\MCE00029\MCE00029

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00029\MCE00029

Found mount point : C:\WINDOWS\Temp\MCE0002a\MCE0002a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0002a\MCE0002a

Found mount point : C:\WINDOWS\Temp\MCE0002b\MCE0002b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0002b\MCE0002b

Found mount point : C:\WINDOWS\Temp\MCE0002c\MCE0002c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0002c\MCE0002c

Found mount point : C:\WINDOWS\Temp\MCE0002d\MCE0002d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0002d\MCE0002d

Found mount point : C:\WINDOWS\Temp\MCE0002e\MCE0002e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0002e\MCE0002e

Found mount point : C:\WINDOWS\Temp\MCE0002f\MCE0002f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0002f\MCE0002f

Found mount point : C:\WINDOWS\Temp\MCE00030\MCE00030

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00030\MCE00030

Found mount point : C:\WINDOWS\Temp\MCE00031\MCE00031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00031\MCE00031

Found mount point : C:\WINDOWS\Temp\MCE00032\MCE00032

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00032\MCE00032

Found mount point : C:\WINDOWS\Temp\MCE00033\MCE00033

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00033\MCE00033

Found mount point : C:\WINDOWS\Temp\MCE00034\MCE00034

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00034\MCE00034

Found mount point : C:\WINDOWS\Temp\MCE00035\MCE00035

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00035\MCE00035

Found mount point : C:\WINDOWS\Temp\MCE00036\MCE00036

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00036\MCE00036

Found mount point : C:\WINDOWS\Temp\MCE00037\MCE00037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00037\MCE00037

Found mount point : C:\WINDOWS\Temp\MCE00038\MCE00038

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00038\MCE00038

Found mount point : C:\WINDOWS\Temp\MCE00039\MCE00039

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00039\MCE00039

Found mount point : C:\WINDOWS\Temp\MCE0003a\MCE0003a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0003a\MCE0003a

Found mount point : C:\WINDOWS\Temp\MCE0003b\MCE0003b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0003b\MCE0003b

Found mount point : C:\WINDOWS\Temp\MCE0003c\MCE0003c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0003c\MCE0003c

Found mount point : C:\WINDOWS\Temp\MCE0003d\MCE0003d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0003d\MCE0003d

Found mount point : C:\WINDOWS\Temp\MCE0003e\MCE0003e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0003e\MCE0003e

Found mount point : C:\WINDOWS\Temp\MCE0003f\MCE0003f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0003f\MCE0003f

Found mount point : C:\WINDOWS\Temp\MCE00040\MCE00040

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00040\MCE00040

Found mount point : C:\WINDOWS\Temp\MCE00041\MCE00041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00041\MCE00041

Found mount point : C:\WINDOWS\Temp\MCE00042\MCE00042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00042\MCE00042

Found mount point : C:\WINDOWS\Temp\MCE00043\MCE00043

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00043\MCE00043

Found mount point : C:\WINDOWS\Temp\MCE00044\MCE00044

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00044\MCE00044

Found mount point : C:\WINDOWS\Temp\MCE00045\MCE00045

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00045\MCE00045

Found mount point : C:\WINDOWS\Temp\MCE00046\MCE00046

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00046\MCE00046

Found mount point : C:\WINDOWS\Temp\MCE00047\MCE00047

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00047\MCE00047

Found mount point : C:\WINDOWS\Temp\MCE00048\MCE00048

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00048\MCE00048

Found mount point : C:\WINDOWS\Temp\MCE00049\MCE00049

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00049\MCE00049

Found mount point : C:\WINDOWS\Temp\MCE0004a\MCE0004a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0004a\MCE0004a

Found mount point : C:\WINDOWS\Temp\MCE0004b\MCE0004b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0004b\MCE0004b

Found mount point : C:\WINDOWS\Temp\MCE0004c\MCE0004c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0004c\MCE0004c

Found mount point : C:\WINDOWS\Temp\MCE0004d\MCE0004d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0004d\MCE0004d

Found mount point : C:\WINDOWS\Temp\MCE0004e\MCE0004e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0004e\MCE0004e

Found mount point : C:\WINDOWS\Temp\MCE0004f\MCE0004f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0004f\MCE0004f

Found mount point : C:\WINDOWS\Temp\MCE00050\MCE00050

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00050\MCE00050

Found mount point : C:\WINDOWS\Temp\MCE00051\MCE00051

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00051\MCE00051

Found mount point : C:\WINDOWS\Temp\MCE00052\MCE00052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00052\MCE00052

Found mount point : C:\WINDOWS\Temp\MCE00053\MCE00053

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00053\MCE00053

Found mount point : C:\WINDOWS\Temp\MCE00054\MCE00054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00054\MCE00054

Found mount point : C:\WINDOWS\Temp\MCE00055\MCE00055

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00055\MCE00055

Found mount point : C:\WINDOWS\Temp\MCE00056\MCE00056

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00056\MCE00056

Found mount point : C:\WINDOWS\Temp\MCE00057\MCE00057

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00057\MCE00057

Found mount point : C:\WINDOWS\Temp\MCE00058\MCE00058

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00058\MCE00058

Found mount point : C:\WINDOWS\Temp\MCE00059\MCE00059

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00059\MCE00059

Found mount point : C:\WINDOWS\Temp\MCE0005a\MCE0005a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005a\MCE0005a

Found mount point : C:\WINDOWS\Temp\MCE0005b\MCE0005b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005b\MCE0005b

Found mount point : C:\WINDOWS\Temp\MCE0005c\MCE0005c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005c\MCE0005c

Found mount point : C:\WINDOWS\Temp\MCE0005d\MCE0005d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005d\MCE0005d

Found mount point : C:\WINDOWS\Temp\MCE0005e\MCE0005e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005e\MCE0005e

Found mount point : C:\WINDOWS\Temp\MCE0005f\MCE0005f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0005f\MCE0005f

Found mount point : C:\WINDOWS\Temp\MCE00060\MCE00060

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00060\MCE00060

Found mount point : C:\WINDOWS\Temp\MCE00061\MCE00061

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00061\MCE00061

Found mount point : C:\WINDOWS\Temp\MCE00062\MCE00062

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00062\MCE00062

Found mount point : C:\WINDOWS\Temp\MCE00063\MCE00063

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00063\MCE00063

Found mount point : C:\WINDOWS\Temp\MCE00064\MCE00064

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00064\MCE00064

Found mount point : C:\WINDOWS\Temp\MCE00065\MCE00065

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00065\MCE00065

Found mount point : C:\WINDOWS\Temp\MCE00066\MCE00066

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00066\MCE00066

Found mount point : C:\WINDOWS\Temp\MCE00067\MCE00067

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00067\MCE00067

Found mount point : C:\WINDOWS\Temp\MCE00068\MCE00068

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00068\MCE00068

Found mount point : C:\WINDOWS\Temp\MCE00069\MCE00069

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00069\MCE00069

Found mount point : C:\WINDOWS\Temp\MCE0006a\MCE0006a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006a\MCE0006a

Found mount point : C:\WINDOWS\Temp\MCE0006b\MCE0006b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006b\MCE0006b

Found mount point : C:\WINDOWS\Temp\MCE0006c\MCE0006c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006c\MCE0006c

Found mount point : C:\WINDOWS\Temp\MCE0006d\MCE0006d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006d\MCE0006d

Found mount point : C:\WINDOWS\Temp\MCE0006e\MCE0006e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006e\MCE0006e

Found mount point : C:\WINDOWS\Temp\MCE0006f\MCE0006f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0006f\MCE0006f

Found mount point : C:\WINDOWS\Temp\MCE00070\MCE00070

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00070\MCE00070

Found mount point : C:\WINDOWS\Temp\MCE00071\MCE00071

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00071\MCE00071

Found mount point : C:\WINDOWS\Temp\MCE00072\MCE00072

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00072\MCE00072

Found mount point : C:\WINDOWS\Temp\MCE00073\MCE00073

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00073\MCE00073

Found mount point : C:\WINDOWS\Temp\MCE00074\MCE00074

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00074\MCE00074

Found mount point : C:\WINDOWS\Temp\MCE00075\MCE00075

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00075\MCE00075

Found mount point : C:\WINDOWS\Temp\MCE00076\MCE00076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00076\MCE00076

Found mount point : C:\WINDOWS\Temp\MCE00077\MCE00077

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00077\MCE00077

Found mount point : C:\WINDOWS\Temp\MCE00078\MCE00078

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00078\MCE00078

Found mount point : C:\WINDOWS\Temp\MCE00079\MCE00079

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00079\MCE00079

Found mount point : C:\WINDOWS\Temp\MCE0007a\MCE0007a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007a\MCE0007a

Found mount point : C:\WINDOWS\Temp\MCE0007b\MCE0007b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007b\MCE0007b

Found mount point : C:\WINDOWS\Temp\MCE0007c\MCE0007c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007c\MCE0007c

Found mount point : C:\WINDOWS\Temp\MCE0007d\MCE0007d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007d\MCE0007d

Found mount point : C:\WINDOWS\Temp\MCE0007e\MCE0007e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007e\MCE0007e

Found mount point : C:\WINDOWS\Temp\MCE0007f\MCE0007f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0007f\MCE0007f

Found mount point : C:\WINDOWS\Temp\MCE00080\MCE00080

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00080\MCE00080

Found mount point : C:\WINDOWS\Temp\MCE00081\MCE00081

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00081\MCE00081

Found mount point : C:\WINDOWS\Temp\MCE00082\MCE00082

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00082\MCE00082

Found mount point : C:\WINDOWS\Temp\MCE00083\MCE00083

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00083\MCE00083

Found mount point : C:\WINDOWS\Temp\MCE00084\MCE00084

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00084\MCE00084

Found mount point : C:\WINDOWS\Temp\MCE00085\MCE00085

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00085\MCE00085

Found mount point : C:\WINDOWS\Temp\MCE00086\MCE00086

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00086\MCE00086

Found mount point : C:\WINDOWS\Temp\MCE00087\MCE00087

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00087\MCE00087

Found mount point : C:\WINDOWS\Temp\MCE00088\MCE00088

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00088\MCE00088

Found mount point : C:\WINDOWS\Temp\MCE00089\MCE00089

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00089\MCE00089

Found mount point : C:\WINDOWS\Temp\MCE0008a\MCE0008a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008a\MCE0008a

Found mount point : C:\WINDOWS\Temp\MCE0008b\MCE0008b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008b\MCE0008b

Found mount point : C:\WINDOWS\Temp\MCE0008c\MCE0008c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008c\MCE0008c

Found mount point : C:\WINDOWS\Temp\MCE0008d\MCE0008d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008d\MCE0008d

Found mount point : C:\WINDOWS\Temp\MCE0008e\MCE0008e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008e\MCE0008e

Found mount point : C:\WINDOWS\Temp\MCE0008f\MCE0008f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0008f\MCE0008f

Found mount point : C:\WINDOWS\Temp\MCE00090\MCE00090

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00090\MCE00090

Found mount point : C:\WINDOWS\Temp\MCE00091\MCE00091

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00091\MCE00091

Found mount point : C:\WINDOWS\Temp\MCE00092\MCE00092

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00092\MCE00092

Found mount point : C:\WINDOWS\Temp\MCE00093\MCE00093

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00093\MCE00093

Found mount point : C:\WINDOWS\Temp\MCE00094\MCE00094

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00094\MCE00094

Found mount point : C:\WINDOWS\Temp\MCE00095\MCE00095

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00095\MCE00095

Found mount point : C:\WINDOWS\Temp\MCE00096\MCE00096

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00096\MCE00096

Found mount point : C:\WINDOWS\Temp\MCE00097\MCE00097

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00097\MCE00097

Found mount point : C:\WINDOWS\Temp\MCE00098\MCE00098

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00098\MCE00098

Found mount point : C:\WINDOWS\Temp\MCE00099\MCE00099

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00099\MCE00099

Found mount point : C:\WINDOWS\Temp\MCE0009a\MCE0009a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009a\MCE0009a

Found mount point : C:\WINDOWS\Temp\MCE0009b\MCE0009b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009b\MCE0009b

Found mount point : C:\WINDOWS\Temp\MCE0009c\MCE0009c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009c\MCE0009c

Found mount point : C:\WINDOWS\Temp\MCE0009d\MCE0009d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009d\MCE0009d

Found mount point : C:\WINDOWS\Temp\MCE0009e\MCE0009e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009e\MCE0009e

Found mount point : C:\WINDOWS\Temp\MCE0009f\MCE0009f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0009f\MCE0009f

Found mount point : C:\WINDOWS\Temp\MCE000a0\MCE000a0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a0\MCE000a0

Found mount point : C:\WINDOWS\Temp\MCE000a1\MCE000a1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a1\MCE000a1

Found mount point : C:\WINDOWS\Temp\MCE000a2\MCE000a2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a2\MCE000a2

Found mount point : C:\WINDOWS\Temp\MCE000a3\MCE000a3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a3\MCE000a3

Found mount point : C:\WINDOWS\Temp\MCE000a4\MCE000a4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a4\MCE000a4

Found mount point : C:\WINDOWS\Temp\MCE000a5\MCE000a5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a5\MCE000a5

Found mount point : C:\WINDOWS\Temp\MCE000a6\MCE000a6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a6\MCE000a6

Found mount point : C:\WINDOWS\Temp\MCE000a7\MCE000a7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a7\MCE000a7

Found mount point : C:\WINDOWS\Temp\MCE000a8\MCE000a8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a8\MCE000a8

Found mount point : C:\WINDOWS\Temp\MCE000a9\MCE000a9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000a9\MCE000a9

Found mount point : C:\WINDOWS\Temp\MCE000aa\MCE000aa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000aa\MCE000aa

Found mount point : C:\WINDOWS\Temp\MCE000ab\MCE000ab

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ab\MCE000ab

Found mount point : C:\WINDOWS\Temp\MCE000ac\MCE000ac

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ac\MCE000ac

Found mount point : C:\WINDOWS\Temp\MCE000ad\MCE000ad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ad\MCE000ad

Found mount point : C:\WINDOWS\Temp\MCE000ae\MCE000ae

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ae\MCE000ae

Found mount point : C:\WINDOWS\Temp\MCE000af\MCE000af

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000af\MCE000af

Found mount point : C:\WINDOWS\Temp\MCE000b0\MCE000b0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b0\MCE000b0

Found mount point : C:\WINDOWS\Temp\MCE000b1\MCE000b1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b1\MCE000b1

Found mount point : C:\WINDOWS\Temp\MCE000b2\MCE000b2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b2\MCE000b2

Found mount point : C:\WINDOWS\Temp\MCE000b3\MCE000b3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b3\MCE000b3

Found mount point : C:\WINDOWS\Temp\MCE000b4\MCE000b4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b4\MCE000b4

Found mount point : C:\WINDOWS\Temp\MCE000b5\MCE000b5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b5\MCE000b5

Found mount point : C:\WINDOWS\Temp\MCE000b6\MCE000b6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b6\MCE000b6

Found mount point : C:\WINDOWS\Temp\MCE000b7\MCE000b7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b7\MCE000b7

Found mount point : C:\WINDOWS\Temp\MCE000b8\MCE000b8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b8\MCE000b8

Found mount point : C:\WINDOWS\Temp\MCE000b9\MCE000b9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000b9\MCE000b9

Found mount point : C:\WINDOWS\Temp\MCE000ba\MCE000ba

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ba\MCE000ba

Found mount point : C:\WINDOWS\Temp\MCE000bb\MCE000bb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000bb\MCE000bb

Found mount point : C:\WINDOWS\Temp\MCE000bc\MCE000bc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000bc\MCE000bc

Found mount point : C:\WINDOWS\Temp\MCE000bd\MCE000bd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000bd\MCE000bd

Found mount point : C:\WINDOWS\Temp\MCE000be\MCE000be

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000be\MCE000be

Found mount point : C:\WINDOWS\Temp\MCE000bf\MCE000bf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000bf\MCE000bf

Found mount point : C:\WINDOWS\Temp\MCE000c0\MCE000c0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c0\MCE000c0

Found mount point : C:\WINDOWS\Temp\MCE000c1\MCE000c1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c1\MCE000c1

Found mount point : C:\WINDOWS\Temp\MCE000c2\MCE000c2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c2\MCE000c2

Found mount point : C:\WINDOWS\Temp\MCE000c3\MCE000c3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c3\MCE000c3

Found mount point : C:\WINDOWS\Temp\MCE000c4\MCE000c4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c4\MCE000c4

Found mount point : C:\WINDOWS\Temp\MCE000c5\MCE000c5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c5\MCE000c5

Found mount point : C:\WINDOWS\Temp\MCE000c6\MCE000c6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c6\MCE000c6

Found mount point : C:\WINDOWS\Temp\MCE000c7\MCE000c7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c7\MCE000c7

Found mount point : C:\WINDOWS\Temp\MCE000c8\MCE000c8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c8\MCE000c8

Found mount point : C:\WINDOWS\Temp\MCE000c9\MCE000c9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000c9\MCE000c9

Found mount point : C:\WINDOWS\Temp\MCE000ca\MCE000ca

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ca\MCE000ca

Found mount point : C:\WINDOWS\Temp\MCE000cb\MCE000cb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000cb\MCE000cb

Found mount point : C:\WINDOWS\Temp\MCE000cc\MCE000cc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000cc\MCE000cc

Found mount point : C:\WINDOWS\Temp\MCE000cd\MCE000cd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000cd\MCE000cd

Found mount point : C:\WINDOWS\Temp\MCE000ce\MCE000ce

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ce\MCE000ce

Found mount point : C:\WINDOWS\Temp\MCE000cf\MCE000cf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000cf\MCE000cf

Found mount point : C:\WINDOWS\Temp\MCE000d0\MCE000d0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d0\MCE000d0

Found mount point : C:\WINDOWS\Temp\MCE000d1\MCE000d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d1\MCE000d1

Found mount point : C:\WINDOWS\Temp\MCE000d2\MCE000d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d2\MCE000d2

Found mount point : C:\WINDOWS\Temp\MCE000d3\MCE000d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d3\MCE000d3

Found mount point : C:\WINDOWS\Temp\MCE000d4\MCE000d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d4\MCE000d4

Found mount point : C:\WINDOWS\Temp\MCE000d5\MCE000d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d5\MCE000d5

Found mount point : C:\WINDOWS\Temp\MCE000d6\MCE000d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d6\MCE000d6

Found mount point : C:\WINDOWS\Temp\MCE000d7\MCE000d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d7\MCE000d7

Found mount point : C:\WINDOWS\Temp\MCE000d8\MCE000d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d8\MCE000d8

Found mount point : C:\WINDOWS\Temp\MCE000d9\MCE000d9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000d9\MCE000d9

Found mount point : C:\WINDOWS\Temp\MCE000da\MCE000da

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000da\MCE000da

Found mount point : C:\WINDOWS\Temp\MCE000db\MCE000db

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000db\MCE000db

Found mount point : C:\WINDOWS\Temp\MCE000dc\MCE000dc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000dc\MCE000dc

Found mount point : C:\WINDOWS\Temp\MCE000dd\MCE000dd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000dd\MCE000dd

Found mount point : C:\WINDOWS\Temp\MCE000de\MCE000de

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000de\MCE000de

Found mount point : C:\WINDOWS\Temp\MCE000df\MCE000df

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000df\MCE000df

Found mount point : C:\WINDOWS\Temp\MCE000e0\MCE000e0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e0\MCE000e0

Found mount point : C:\WINDOWS\Temp\MCE000e1\MCE000e1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e1\MCE000e1

Found mount point : C:\WINDOWS\Temp\MCE000e2\MCE000e2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e2\MCE000e2

Found mount point : C:\WINDOWS\Temp\MCE000e3\MCE000e3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e3\MCE000e3

Found mount point : C:\WINDOWS\Temp\MCE000e4\MCE000e4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e4\MCE000e4

Found mount point : C:\WINDOWS\Temp\MCE000e5\MCE000e5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e5\MCE000e5

Found mount point : C:\WINDOWS\Temp\MCE000e6\MCE000e6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e6\MCE000e6

Found mount point : C:\WINDOWS\Temp\MCE000e7\MCE000e7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e7\MCE000e7

Found mount point : C:\WINDOWS\Temp\MCE000e8\MCE000e8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e8\MCE000e8

Found mount point : C:\WINDOWS\Temp\MCE000e9\MCE000e9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000e9\MCE000e9

Found mount point : C:\WINDOWS\Temp\MCE000ea\MCE000ea

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ea\MCE000ea

Found mount point : C:\WINDOWS\Temp\MCE000eb\MCE000eb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000eb\MCE000eb

Found mount point : C:\WINDOWS\Temp\MCE000ec\MCE000ec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ec\MCE000ec

Found mount point : C:\WINDOWS\Temp\MCE000ed\MCE000ed

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ed\MCE000ed

Found mount point : C:\WINDOWS\Temp\MCE000ee\MCE000ee

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ee\MCE000ee

Found mount point : C:\WINDOWS\Temp\MCE000ef\MCE000ef

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ef\MCE000ef

Found mount point : C:\WINDOWS\Temp\MCE000f0\MCE000f0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f0\MCE000f0

Found mount point : C:\WINDOWS\Temp\MCE000f1\MCE000f1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f1\MCE000f1

Found mount point : C:\WINDOWS\Temp\MCE000f2\MCE000f2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f2\MCE000f2

Found mount point : C:\WINDOWS\Temp\MCE000f3\MCE000f3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f3\MCE000f3

Found mount point : C:\WINDOWS\Temp\MCE000f4\MCE000f4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f4\MCE000f4

Found mount point : C:\WINDOWS\Temp\MCE000f5\MCE000f5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f5\MCE000f5

Found mount point : C:\WINDOWS\Temp\MCE000f6\MCE000f6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f6\MCE000f6

Found mount point : C:\WINDOWS\Temp\MCE000f7\MCE000f7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f7\MCE000f7

Found mount point : C:\WINDOWS\Temp\MCE000f8\MCE000f8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f8\MCE000f8

Found mount point : C:\WINDOWS\Temp\MCE000f9\MCE000f9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000f9\MCE000f9

Found mount point : C:\WINDOWS\Temp\MCE000fa\MCE000fa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000fa\MCE000fa

Found mount point : C:\WINDOWS\Temp\MCE000fb\MCE000fb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000fb\MCE000fb

Found mount point : C:\WINDOWS\Temp\MCE000fc\MCE000fc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000fc\MCE000fc

Found mount point : C:\WINDOWS\Temp\MCE000fd\MCE000fd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000fd\MCE000fd

Found mount point : C:\WINDOWS\Temp\MCE000fe\MCE000fe

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000fe\MCE000fe

Found mount point : C:\WINDOWS\Temp\MCE000ff\MCE000ff

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE000ff\MCE000ff

Found mount point : C:\WINDOWS\Temp\MCE00100\MCE00100

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00100\MCE00100

Found mount point : C:\WINDOWS\Temp\MCE00101\MCE00101

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00101\MCE00101

Found mount point : C:\WINDOWS\Temp\MCE00102\MCE00102

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00102\MCE00102

Found mount point : C:\WINDOWS\Temp\MCE00103\MCE00103

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00103\MCE00103

Found mount point : C:\WINDOWS\Temp\MCE00104\MCE00104

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00104\MCE00104

Found mount point : C:\WINDOWS\Temp\MCE00105\MCE00105

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00105\MCE00105

Found mount point : C:\WINDOWS\Temp\MCE00106\MCE00106

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00106\MCE00106

Found mount point : C:\WINDOWS\Temp\MCE00107\MCE00107

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00107\MCE00107

Found mount point : C:\WINDOWS\Temp\MCE00108\MCE00108

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00108\MCE00108

Found mount point : C:\WINDOWS\Temp\MCE00109\MCE00109

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00109\MCE00109

Found mount point : C:\WINDOWS\Temp\MCE0010a\MCE0010a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0010a\MCE0010a

Found mount point : C:\WINDOWS\Temp\MCE0010b\MCE0010b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0010b\MCE0010b

Found mount point : C:\WINDOWS\Temp\MCE0010c\MCE0010c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0010c\MCE0010c

Found mount point : C:\WINDOWS\Temp\MCE0010d\MCE0010d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0010d\MCE0010d

Found mount point : C:\WINDOWS\Temp\MCE0010e\MCE0010e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0010e\MCE0010e

Found mount point : C:\WINDOWS\Temp\MCE0010f\MCE0010f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0010f\MCE0010f

Found mount point : C:\WINDOWS\Temp\MCE00110\MCE00110

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00110\MCE00110

Found mount point : C:\WINDOWS\Temp\MCE00111\MCE00111

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00111\MCE00111

Found mount point : C:\WINDOWS\Temp\MCE00112\MCE00112

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00112\MCE00112

Found mount point : C:\WINDOWS\Temp\MCE00113\MCE00113

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00113\MCE00113

Found mount point : C:\WINDOWS\Temp\MCE00114\MCE00114

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00114\MCE00114

Found mount point : C:\WINDOWS\Temp\MCE00115\MCE00115

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00115\MCE00115

Found mount point : C:\WINDOWS\Temp\MCE00116\MCE00116

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00116\MCE00116

Found mount point : C:\WINDOWS\Temp\MCE00117\MCE00117

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00117\MCE00117

Found mount point : C:\WINDOWS\Temp\MCE00118\MCE00118

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00118\MCE00118

Found mount point : C:\WINDOWS\Temp\MCE00119\MCE00119

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00119\MCE00119

Found mount point : C:\WINDOWS\Temp\MCE0011a\MCE0011a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0011a\MCE0011a

Found mount point : C:\WINDOWS\Temp\MCE0011b\MCE0011b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0011b\MCE0011b

Found mount point : C:\WINDOWS\Temp\MCE0011c\MCE0011c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0011c\MCE0011c

Found mount point : C:\WINDOWS\Temp\MCE0011d\MCE0011d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0011d\MCE0011d

Found mount point : C:\WINDOWS\Temp\MCE0011e\MCE0011e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0011e\MCE0011e

Found mount point : C:\WINDOWS\Temp\MCE0011f\MCE0011f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0011f\MCE0011f

Found mount point : C:\WINDOWS\Temp\MCE00120\MCE00120

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00120\MCE00120

Found mount point : C:\WINDOWS\Temp\MCE00121\MCE00121

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00121\MCE00121

Found mount point : C:\WINDOWS\Temp\MCE00122\MCE00122

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00122\MCE00122

Found mount point : C:\WINDOWS\Temp\MCE00123\MCE00123

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00123\MCE00123

Found mount point : C:\WINDOWS\Temp\MCE00124\MCE00124

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00124\MCE00124

Found mount point : C:\WINDOWS\Temp\MCE00125\MCE00125

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00125\MCE00125

Found mount point : C:\WINDOWS\Temp\MCE00126\MCE00126

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00126\MCE00126

Found mount point : C:\WINDOWS\Temp\MCE00127\MCE00127

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00127\MCE00127

Found mount point : C:\WINDOWS\Temp\MCE00128\MCE00128

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00128\MCE00128

Found mount point : C:\WINDOWS\Temp\MCE00129\MCE00129

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00129\MCE00129

Found mount point : C:\WINDOWS\Temp\MCE0012a\MCE0012a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0012a\MCE0012a

Found mount point : C:\WINDOWS\Temp\MCE0012b\MCE0012b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0012b\MCE0012b

Found mount point : C:\WINDOWS\Temp\MCE0012c\MCE0012c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0012c\MCE0012c

Found mount point : C:\WINDOWS\Temp\MCE0012d\MCE0012d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0012d\MCE0012d

Found mount point : C:\WINDOWS\Temp\MCE0012e\MCE0012e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0012e\MCE0012e

Found mount point : C:\WINDOWS\Temp\MCE0012f\MCE0012f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0012f\MCE0012f

Found mount point : C:\WINDOWS\Temp\MCE00130\MCE00130

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00130\MCE00130

Found mount point : C:\WINDOWS\Temp\MCE00131\MCE00131

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00131\MCE00131

Found mount point : C:\WINDOWS\Temp\MCE00132\MCE00132

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00132\MCE00132

Found mount point : C:\WINDOWS\Temp\MCE00133\MCE00133

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00133\MCE00133

Found mount point : C:\WINDOWS\Temp\MCE00134\MCE00134

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00134\MCE00134

Found mount point : C:\WINDOWS\Temp\MCE00135\MCE00135

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00135\MCE00135

Found mount point : C:\WINDOWS\Temp\MCE00136\MCE00136

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00136\MCE00136

Found mount point : C:\WINDOWS\Temp\MCE00137\MCE00137

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00137\MCE00137

Found mount point : C:\WINDOWS\Temp\MCE00138\MCE00138

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00138\MCE00138

Found mount point : C:\WINDOWS\Temp\MCE00139\MCE00139

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00139\MCE00139

Found mount point : C:\WINDOWS\Temp\MCE0013a\MCE0013a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0013a\MCE0013a

Found mount point : C:\WINDOWS\Temp\MCE0013b\MCE0013b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0013b\MCE0013b

Found mount point : C:\WINDOWS\Temp\MCE0013c\MCE0013c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0013c\MCE0013c

Found mount point : C:\WINDOWS\Temp\MCE0013d\MCE0013d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0013d\MCE0013d

Found mount point : C:\WINDOWS\Temp\MCE0013e\MCE0013e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0013e\MCE0013e

Found mount point : C:\WINDOWS\Temp\MCE0013f\MCE0013f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0013f\MCE0013f

Found mount point : C:\WINDOWS\Temp\MCE00140\MCE00140

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00140\MCE00140

Found mount point : C:\WINDOWS\Temp\MCE00141\MCE00141

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00141\MCE00141

Found mount point : C:\WINDOWS\Temp\MCE00142\MCE00142

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00142\MCE00142

Found mount point : C:\WINDOWS\Temp\MCE00143\MCE00143

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00143\MCE00143

Found mount point : C:\WINDOWS\Temp\MCE00144\MCE00144

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00144\MCE00144

Found mount point : C:\WINDOWS\Temp\MCE00145\MCE00145

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00145\MCE00145

Found mount point : C:\WINDOWS\Temp\MCE00146\MCE00146

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00146\MCE00146

Found mount point : C:\WINDOWS\Temp\MCE00147\MCE00147

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00147\MCE00147

Found mount point : C:\WINDOWS\Temp\MCE00148\MCE00148

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00148\MCE00148

Found mount point : C:\WINDOWS\Temp\MCE00149\MCE00149

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00149\MCE00149

Found mount point : C:\WINDOWS\Temp\MCE0014a\MCE0014a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0014a\MCE0014a

Found mount point : C:\WINDOWS\Temp\MCE0014b\MCE0014b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0014b\MCE0014b

Found mount point : C:\WINDOWS\Temp\MCE0014c\MCE0014c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0014c\MCE0014c

Found mount point : C:\WINDOWS\Temp\MCE0014d\MCE0014d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0014d\MCE0014d

Found mount point : C:\WINDOWS\Temp\MCE0014e\MCE0014e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0014e\MCE0014e

Found mount point : C:\WINDOWS\Temp\MCE0014f\MCE0014f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0014f\MCE0014f

Found mount point : C:\WINDOWS\Temp\MCE00150\MCE00150

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00150\MCE00150

Found mount point : C:\WINDOWS\Temp\MCE00151\MCE00151

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00151\MCE00151

Found mount point : C:\WINDOWS\Temp\MCE00152\MCE00152

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00152\MCE00152

Found mount point : C:\WINDOWS\Temp\MCE00153\MCE00153

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00153\MCE00153

Found mount point : C:\WINDOWS\Temp\MCE00154\MCE00154

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00154\MCE00154

Found mount point : C:\WINDOWS\Temp\MCE00155\MCE00155

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00155\MCE00155

Found mount point : C:\WINDOWS\Temp\MCE00156\MCE00156

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00156\MCE00156

Found mount point : C:\WINDOWS\Temp\MCE00157\MCE00157

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00157\MCE00157

Found mount point : C:\WINDOWS\Temp\MCE00158\MCE00158

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00158\MCE00158

Found mount point : C:\WINDOWS\Temp\MCE00159\MCE00159

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00159\MCE00159

Found mount point : C:\WINDOWS\Temp\MCE0015a\MCE0015a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0015a\MCE0015a

Found mount point : C:\WINDOWS\Temp\MCE0015b\MCE0015b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0015b\MCE0015b

Found mount point : C:\WINDOWS\Temp\MCE0015c\MCE0015c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0015c\MCE0015c

Found mount point : C:\WINDOWS\Temp\MCE0015d\MCE0015d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0015d\MCE0015d

Found mount point : C:\WINDOWS\Temp\MCE0015e\MCE0015e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0015e\MCE0015e

Found mount point : C:\WINDOWS\Temp\MCE0015f\MCE0015f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0015f\MCE0015f

Found mount point : C:\WINDOWS\Temp\MCE00160\MCE00160

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00160\MCE00160

Found mount point : C:\WINDOWS\Temp\MCE00161\MCE00161

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00161\MCE00161

Found mount point : C:\WINDOWS\Temp\MCE00162\MCE00162

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00162\MCE00162

Found mount point : C:\WINDOWS\Temp\MCE00163\MCE00163

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00163\MCE00163

Found mount point : C:\WINDOWS\Temp\MCE00164\MCE00164

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00164\MCE00164

Found mount point : C:\WINDOWS\Temp\MCE00165\MCE00165

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00165\MCE00165

Found mount point : C:\WINDOWS\Temp\MCE00166\MCE00166

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00166\MCE00166

Found mount point : C:\WINDOWS\Temp\MCE00167\MCE00167

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00167\MCE00167

Found mount point : C:\WINDOWS\Temp\MCE00168\MCE00168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00168\MCE00168

Found mount point : C:\WINDOWS\Temp\MCE00169\MCE00169

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00169\MCE00169

Found mount point : C:\WINDOWS\Temp\MCE0016a\MCE0016a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0016a\MCE0016a

Found mount point : C:\WINDOWS\Temp\MCE0016b\MCE0016b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0016b\MCE0016b

Found mount point : C:\WINDOWS\Temp\MCE0016c\MCE0016c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0016c\MCE0016c

Found mount point : C:\WINDOWS\Temp\MCE0016d\MCE0016d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0016d\MCE0016d

Found mount point : C:\WINDOWS\Temp\MCE0016e\MCE0016e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0016e\MCE0016e

Found mount point : C:\WINDOWS\Temp\MCE0016f\MCE0016f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0016f\MCE0016f

Found mount point : C:\WINDOWS\Temp\MCE00170\MCE00170

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00170\MCE00170

Found mount point : C:\WINDOWS\Temp\MCE00171\MCE00171

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00171\MCE00171

Found mount point : C:\WINDOWS\Temp\MCE00172\MCE00172

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00172\MCE00172

Found mount point : C:\WINDOWS\Temp\MCE00173\MCE00173

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00173\MCE00173

Found mount point : C:\WINDOWS\Temp\MCE00174\MCE00174

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00174\MCE00174

Found mount point : C:\WINDOWS\Temp\MCE00175\MCE00175

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00175\MCE00175

Found mount point : C:\WINDOWS\Temp\MCE00176\MCE00176

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00176\MCE00176

Found mount point : C:\WINDOWS\Temp\MCE00177\MCE00177

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00177\MCE00177

Found mount point : C:\WINDOWS\Temp\MCE00178\MCE00178

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00178\MCE00178

Found mount point : C:\WINDOWS\Temp\MCE00179\MCE00179

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00179\MCE00179

Found mount point : C:\WINDOWS\Temp\MCE0017a\MCE0017a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0017a\MCE0017a

Found mount point : C:\WINDOWS\Temp\MCE0017b\MCE0017b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0017b\MCE0017b

Found mount point : C:\WINDOWS\Temp\MCE0017c\MCE0017c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0017c\MCE0017c

Found mount point : C:\WINDOWS\Temp\MCE0017d\MCE0017d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0017d\MCE0017d

Found mount point : C:\WINDOWS\Temp\MCE0017e\MCE0017e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0017e\MCE0017e

Found mount point : C:\WINDOWS\Temp\MCE0017f\MCE0017f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0017f\MCE0017f

Found mount point : C:\WINDOWS\Temp\MCE00180\MCE00180

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00180\MCE00180

Found mount point : C:\WINDOWS\Temp\MCE00181\MCE00181

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00181\MCE00181

Found mount point : C:\WINDOWS\Temp\MCE00182\MCE00182

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00182\MCE00182

Found mount point : C:\WINDOWS\Temp\MCE00183\MCE00183

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00183\MCE00183

Found mount point : C:\WINDOWS\Temp\MCE00184\MCE00184

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00184\MCE00184

Found mount point : C:\WINDOWS\Temp\MCE00185\MCE00185

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00185\MCE00185

Found mount point : C:\WINDOWS\Temp\MCE00186\MCE00186

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00186\MCE00186

Found mount point : C:\WINDOWS\Temp\MCE00187\MCE00187

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00187\MCE00187

Found mount point : C:\WINDOWS\Temp\MCE00188\MCE00188

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00188\MCE00188

Found mount point : C:\WINDOWS\Temp\MCE00189\MCE00189

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00189\MCE00189

Found mount point : C:\WINDOWS\Temp\MCE0018a\MCE0018a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0018a\MCE0018a

Found mount point : C:\WINDOWS\Temp\MCE0018b\MCE0018b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0018b\MCE0018b

Found mount point : C:\WINDOWS\Temp\MCE0018c\MCE0018c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0018c\MCE0018c

Found mount point : C:\WINDOWS\Temp\MCE0018d\MCE0018d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0018d\MCE0018d

Found mount point : C:\WINDOWS\Temp\MCE0018e\MCE0018e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0018e\MCE0018e

Found mount point : C:\WINDOWS\Temp\MCE0018f\MCE0018f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0018f\MCE0018f

Found mount point : C:\WINDOWS\Temp\MCE00190\MCE00190

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00190\MCE00190

Found mount point : C:\WINDOWS\Temp\MCE00191\MCE00191

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00191\MCE00191

Found mount point : C:\WINDOWS\Temp\MCE00192\MCE00192

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00192\MCE00192

Found mount point : C:\WINDOWS\Temp\MCE00193\MCE00193

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00193\MCE00193

Found mount point : C:\WINDOWS\Temp\MCE00194\MCE00194

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00194\MCE00194

Found mount point : C:\WINDOWS\Temp\MCE00195\MCE00195

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00195\MCE00195

Found mount point : C:\WINDOWS\Temp\MCE00196\MCE00196

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00196\MCE00196

Found mount point : C:\WINDOWS\Temp\MCE00197\MCE00197

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00197\MCE00197

Found mount point : C:\WINDOWS\Temp\MCE00198\MCE00198

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00198\MCE00198

Found mount point : C:\WINDOWS\Temp\MCE00199\MCE00199

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00199\MCE00199

Found mount point : C:\WINDOWS\Temp\MCE0019a\MCE0019a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0019a\MCE0019a

Found mount point : C:\WINDOWS\Temp\MCE0019b\MCE0019b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0019b\MCE0019b

Found mount point : C:\WINDOWS\Temp\MCE0019c\MCE0019c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0019c\MCE0019c

Found mount point : C:\WINDOWS\Temp\MCE0019d\MCE0019d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0019d\MCE0019d

Found mount point : C:\WINDOWS\Temp\MCE0019e\MCE0019e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0019e\MCE0019e

Found mount point : C:\WINDOWS\Temp\MCE0019f\MCE0019f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0019f\MCE0019f

Found mount point : C:\WINDOWS\Temp\MCE001a0\MCE001a0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001a0\MCE001a0

Found mount point : C:\WINDOWS\Temp\MCE001a1\MCE001a1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001a1\MCE001a1

Found mount point : C:\WINDOWS\Temp\MCE001a2\MCE001a2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001a2\MCE001a2

Found mount point : C:\WINDOWS\Temp\MCE001a3\MCE001a3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001a3\MCE001a3

Found mount point : C:\WINDOWS\Temp\MCE001a4\MCE001a4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001a4\MCE001a4

Found mount point : C:\WINDOWS\Temp\MCE001a5\MCE001a5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001a5\MCE001a5

Found mount point : C:\WINDOWS\Temp\MCE001a6\MCE001a6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001a6\MCE001a6

Found mount point : C:\WINDOWS\Temp\MCE001a7\MCE001a7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001a7\MCE001a7

Found mount point : C:\WINDOWS\Temp\MCE001a8\MCE001a8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001a8\MCE001a8

Found mount point : C:\WINDOWS\Temp\MCE001a9\MCE001a9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001a9\MCE001a9

Found mount point : C:\WINDOWS\Temp\MCE001aa\MCE001aa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001aa\MCE001aa

Found mount point : C:\WINDOWS\Temp\MCE001ab\MCE001ab

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ab\MCE001ab

Found mount point : C:\WINDOWS\Temp\MCE001ac\MCE001ac

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ac\MCE001ac

Found mount point : C:\WINDOWS\Temp\MCE001ad\MCE001ad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ad\MCE001ad

Found mount point : C:\WINDOWS\Temp\MCE001ae\MCE001ae

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ae\MCE001ae

Found mount point : C:\WINDOWS\Temp\MCE001af\MCE001af

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001af\MCE001af

Found mount point : C:\WINDOWS\Temp\MCE001b0\MCE001b0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001b0\MCE001b0

Found mount point : C:\WINDOWS\Temp\MCE001b1\MCE001b1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001b1\MCE001b1

Found mount point : C:\WINDOWS\Temp\MCE001b2\MCE001b2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001b2\MCE001b2

Found mount point : C:\WINDOWS\Temp\MCE001b3\MCE001b3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001b3\MCE001b3

Found mount point : C:\WINDOWS\Temp\MCE001b4\MCE001b4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001b4\MCE001b4

Found mount point : C:\WINDOWS\Temp\MCE001b5\MCE001b5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001b5\MCE001b5

Found mount point : C:\WINDOWS\Temp\MCE001b6\MCE001b6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001b6\MCE001b6

Found mount point : C:\WINDOWS\Temp\MCE001b7\MCE001b7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001b7\MCE001b7

Found mount point : C:\WINDOWS\Temp\MCE001b8\MCE001b8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001b8\MCE001b8

Found mount point : C:\WINDOWS\Temp\MCE001b9\MCE001b9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001b9\MCE001b9

Found mount point : C:\WINDOWS\Temp\MCE001ba\MCE001ba

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ba\MCE001ba

Found mount point : C:\WINDOWS\Temp\MCE001bb\MCE001bb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001bb\MCE001bb

Found mount point : C:\WINDOWS\Temp\MCE001bc\MCE001bc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001bc\MCE001bc

Found mount point : C:\WINDOWS\Temp\MCE001bd\MCE001bd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001bd\MCE001bd

Found mount point : C:\WINDOWS\Temp\MCE001be\MCE001be

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001be\MCE001be

Found mount point : C:\WINDOWS\Temp\MCE001bf\MCE001bf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001bf\MCE001bf

Found mount point : C:\WINDOWS\Temp\MCE001c0\MCE001c0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001c0\MCE001c0

Found mount point : C:\WINDOWS\Temp\MCE001c1\MCE001c1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001c1\MCE001c1

Found mount point : C:\WINDOWS\Temp\MCE001c2\MCE001c2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001c2\MCE001c2

Found mount point : C:\WINDOWS\Temp\MCE001c3\MCE001c3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001c3\MCE001c3

Found mount point : C:\WINDOWS\Temp\MCE001c4\MCE001c4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001c4\MCE001c4

Found mount point : C:\WINDOWS\Temp\MCE001c5\MCE001c5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001c5\MCE001c5

Found mount point : C:\WINDOWS\Temp\MCE001c6\MCE001c6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001c6\MCE001c6

Found mount point : C:\WINDOWS\Temp\MCE001c7\MCE001c7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001c7\MCE001c7

Found mount point : C:\WINDOWS\Temp\MCE001c8\MCE001c8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001c8\MCE001c8

Found mount point : C:\WINDOWS\Temp\MCE001c9\MCE001c9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001c9\MCE001c9

Found mount point : C:\WINDOWS\Temp\MCE001ca\MCE001ca

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ca\MCE001ca

Found mount point : C:\WINDOWS\Temp\MCE001cb\MCE001cb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001cb\MCE001cb

Found mount point : C:\WINDOWS\Temp\MCE001cc\MCE001cc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001cc\MCE001cc

Found mount point : C:\WINDOWS\Temp\MCE001cd\MCE001cd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001cd\MCE001cd

Found mount point : C:\WINDOWS\Temp\MCE001ce\MCE001ce

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ce\MCE001ce

Found mount point : C:\WINDOWS\Temp\MCE001cf\MCE001cf

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001cf\MCE001cf

Found mount point : C:\WINDOWS\Temp\MCE001d0\MCE001d0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001d0\MCE001d0

Found mount point : C:\WINDOWS\Temp\MCE001d1\MCE001d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001d1\MCE001d1

Found mount point : C:\WINDOWS\Temp\MCE001d2\MCE001d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001d2\MCE001d2

Found mount point : C:\WINDOWS\Temp\MCE001d3\MCE001d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001d3\MCE001d3

Found mount point : C:\WINDOWS\Temp\MCE001d4\MCE001d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001d4\MCE001d4

Found mount point : C:\WINDOWS\Temp\MCE001d5\MCE001d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001d5\MCE001d5

Found mount point : C:\WINDOWS\Temp\MCE001d6\MCE001d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001d6\MCE001d6

Found mount point : C:\WINDOWS\Temp\MCE001d7\MCE001d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001d7\MCE001d7

Found mount point : C:\WINDOWS\Temp\MCE001d8\MCE001d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001d8\MCE001d8

Found mount point : C:\WINDOWS\Temp\MCE001d9\MCE001d9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001d9\MCE001d9

Found mount point : C:\WINDOWS\Temp\MCE001da\MCE001da

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001da\MCE001da

Found mount point : C:\WINDOWS\Temp\MCE001db\MCE001db

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001db\MCE001db

Found mount point : C:\WINDOWS\Temp\MCE001dc\MCE001dc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001dc\MCE001dc

Found mount point : C:\WINDOWS\Temp\MCE001dd\MCE001dd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001dd\MCE001dd

Found mount point : C:\WINDOWS\Temp\MCE001de\MCE001de

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001de\MCE001de

Found mount point : C:\WINDOWS\Temp\MCE001df\MCE001df

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001df\MCE001df

Found mount point : C:\WINDOWS\Temp\MCE001e0\MCE001e0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001e0\MCE001e0

Found mount point : C:\WINDOWS\Temp\MCE001e1\MCE001e1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001e1\MCE001e1

Found mount point : C:\WINDOWS\Temp\MCE001e2\MCE001e2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001e2\MCE001e2

Found mount point : C:\WINDOWS\Temp\MCE001e3\MCE001e3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001e3\MCE001e3

Found mount point : C:\WINDOWS\Temp\MCE001e4\MCE001e4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001e4\MCE001e4

Found mount point : C:\WINDOWS\Temp\MCE001e5\MCE001e5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001e5\MCE001e5

Found mount point : C:\WINDOWS\Temp\MCE001e6\MCE001e6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001e6\MCE001e6

Found mount point : C:\WINDOWS\Temp\MCE001e7\MCE001e7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001e7\MCE001e7

Found mount point : C:\WINDOWS\Temp\MCE001e8\MCE001e8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001e8\MCE001e8

Found mount point : C:\WINDOWS\Temp\MCE001e9\MCE001e9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001e9\MCE001e9

Found mount point : C:\WINDOWS\Temp\MCE001ea\MCE001ea

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ea\MCE001ea

Found mount point : C:\WINDOWS\Temp\MCE001eb\MCE001eb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001eb\MCE001eb

Found mount point : C:\WINDOWS\Temp\MCE001ec\MCE001ec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ec\MCE001ec

Found mount point : C:\WINDOWS\Temp\MCE001ed\MCE001ed

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ed\MCE001ed

Found mount point : C:\WINDOWS\Temp\MCE001ee\MCE001ee

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ee\MCE001ee

Found mount point : C:\WINDOWS\Temp\MCE001ef\MCE001ef

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ef\MCE001ef

Found mount point : C:\WINDOWS\Temp\MCE001f0\MCE001f0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001f0\MCE001f0

Found mount point : C:\WINDOWS\Temp\MCE001f1\MCE001f1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001f1\MCE001f1

Found mount point : C:\WINDOWS\Temp\MCE001f2\MCE001f2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001f2\MCE001f2

Found mount point : C:\WINDOWS\Temp\MCE001f3\MCE001f3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001f3\MCE001f3

Found mount point : C:\WINDOWS\Temp\MCE001f4\MCE001f4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001f4\MCE001f4

Found mount point : C:\WINDOWS\Temp\MCE001f5\MCE001f5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001f5\MCE001f5

Found mount point : C:\WINDOWS\Temp\MCE001f6\MCE001f6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001f6\MCE001f6

Found mount point : C:\WINDOWS\Temp\MCE001f7\MCE001f7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001f7\MCE001f7

Found mount point : C:\WINDOWS\Temp\MCE001f8\MCE001f8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001f8\MCE001f8

Found mount point : C:\WINDOWS\Temp\MCE001f9\MCE001f9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001f9\MCE001f9

Found mount point : C:\WINDOWS\Temp\MCE001fa\MCE001fa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001fa\MCE001fa

Found mount point : C:\WINDOWS\Temp\MCE001fb\MCE001fb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001fb\MCE001fb

Found mount point : C:\WINDOWS\Temp\MCE001fc\MCE001fc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001fc\MCE001fc

Found mount point : C:\WINDOWS\Temp\MCE001fd\MCE001fd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001fd\MCE001fd

Found mount point : C:\WINDOWS\Temp\MCE001fe\MCE001fe

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001fe\MCE001fe

Found mount point : C:\WINDOWS\Temp\MCE001ff\MCE001ff

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE001ff\MCE001ff

Found mount point : C:\WINDOWS\Temp\MCE00200\MCE00200

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00200\MCE00200

Found mount point : C:\WINDOWS\Temp\MCE00201\MCE00201

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00201\MCE00201

Found mount point : C:\WINDOWS\Temp\MCE00202\MCE00202

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00202\MCE00202

Found mount point : C:\WINDOWS\Temp\MCE00203\MCE00203

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00203\MCE00203

Found mount point : C:\WINDOWS\Temp\MCE00204\MCE00204

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00204\MCE00204

Found mount point : C:\WINDOWS\Temp\MCE00205\MCE00205

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00205\MCE00205

Found mount point : C:\WINDOWS\Temp\MCE00206\MCE00206

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00206\MCE00206

Found mount point : C:\WINDOWS\Temp\MCE00207\MCE00207

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00207\MCE00207

Found mount point : C:\WINDOWS\Temp\MCE00208\MCE00208

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00208\MCE00208

Found mount point : C:\WINDOWS\Temp\MCE00209\MCE00209

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00209\MCE00209

Found mount point : C:\WINDOWS\Temp\MCE0020a\MCE0020a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0020a\MCE0020a

Found mount point : C:\WINDOWS\Temp\MCE0020b\MCE0020b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0020b\MCE0020b

Found mount point : C:\WINDOWS\Temp\MCE0020c\MCE0020c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0020c\MCE0020c

Found mount point : C:\WINDOWS\Temp\MCE0020d\MCE0020d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0020d\MCE0020d

Found mount point : C:\WINDOWS\Temp\MCE0020e\MCE0020e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0020e\MCE0020e

Found mount point : C:\WINDOWS\Temp\MCE0020f\MCE0020f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0020f\MCE0020f

Found mount point : C:\WINDOWS\Temp\MCE00210\MCE00210

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00210\MCE00210

Found mount point : C:\WINDOWS\Temp\MCE00211\MCE00211

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00211\MCE00211

Found mount point : C:\WINDOWS\Temp\MCE00212\MCE00212

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00212\MCE00212

Found mount point : C:\WINDOWS\Temp\MCE00213\MCE00213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00213\MCE00213

Found mount point : C:\WINDOWS\Temp\MCE00214\MCE00214

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00214\MCE00214

Found mount point : C:\WINDOWS\Temp\MCE00215\MCE00215

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00215\MCE00215

Found mount point : C:\WINDOWS\Temp\MCE00216\MCE00216

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00216\MCE00216

Found mount point : C:\WINDOWS\Temp\MCE00217\MCE00217

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00217\MCE00217

Found mount point : C:\WINDOWS\Temp\MCE00218\MCE00218

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00218\MCE00218

Found mount point : C:\WINDOWS\Temp\MCE00219\MCE00219

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00219\MCE00219

Found mount point : C:\WINDOWS\Temp\MCE0021a\MCE0021a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0021a\MCE0021a

Found mount point : C:\WINDOWS\Temp\MCE0021b\MCE0021b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0021b\MCE0021b

Found mount point : C:\WINDOWS\Temp\MCE0021c\MCE0021c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0021c\MCE0021c

Found mount point : C:\WINDOWS\Temp\MCE0021d\MCE0021d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0021d\MCE0021d

Found mount point : C:\WINDOWS\Temp\MCE0021e\MCE0021e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0021e\MCE0021e

Found mount point : C:\WINDOWS\Temp\MCE0021f\MCE0021f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0021f\MCE0021f

Found mount point : C:\WINDOWS\Temp\MCE00220\MCE00220

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00220\MCE00220

Found mount point : C:\WINDOWS\Temp\MCE00221\MCE00221

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00221\MCE00221

Found mount point : C:\WINDOWS\Temp\MCE00222\MCE00222

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00222\MCE00222

Found mount point : C:\WINDOWS\Temp\MCE00223\MCE00223

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00223\MCE00223

Found mount point : C:\WINDOWS\Temp\MCE00224\MCE00224

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00224\MCE00224

Found mount point : C:\WINDOWS\Temp\MCE00225\MCE00225

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00225\MCE00225

Found mount point : C:\WINDOWS\Temp\MCE00226\MCE00226

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00226\MCE00226

Found mount point : C:\WINDOWS\Temp\MCE00227\MCE00227

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00227\MCE00227

Found mount point : C:\WINDOWS\Temp\MCE00228\MCE00228

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00228\MCE00228

Found mount point : C:\WINDOWS\Temp\MCE00229\MCE00229

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00229\MCE00229

Found mount point : C:\WINDOWS\Temp\MCE0022a\MCE0022a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0022a\MCE0022a

Found mount point : C:\WINDOWS\Temp\MCE0022b\MCE0022b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0022b\MCE0022b

Found mount point : C:\WINDOWS\Temp\MCE0022c\MCE0022c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0022c\MCE0022c

Found mount point : C:\WINDOWS\Temp\MCE0022d\MCE0022d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0022d\MCE0022d

Found mount point : C:\WINDOWS\Temp\MCE0022e\MCE0022e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0022e\MCE0022e

Found mount point : C:\WINDOWS\Temp\MCE0022f\MCE0022f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0022f\MCE0022f

Found mount point : C:\WINDOWS\Temp\MCE00230\MCE00230

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00230\MCE00230

Found mount point : C:\WINDOWS\Temp\MCE00231\MCE00231

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00231\MCE00231

Found mount point : C:\WINDOWS\Temp\MCE00232\MCE00232

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00232\MCE00232

Found mount point : C:\WINDOWS\Temp\MCE00233\MCE00233

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00233\MCE00233

Found mount point : C:\WINDOWS\Temp\MCE00234\MCE00234

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00234\MCE00234

Found mount point : C:\WINDOWS\Temp\MCE00235\MCE00235

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00235\MCE00235

Found mount point : C:\WINDOWS\Temp\MCE00236\MCE00236

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00236\MCE00236

Found mount point : C:\WINDOWS\Temp\MCE00237\MCE00237

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00237\MCE00237

Found mount point : C:\WINDOWS\Temp\MCE00238\MCE00238

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00238\MCE00238

Found mount point : C:\WINDOWS\Temp\MCE00239\MCE00239

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00239\MCE00239

Found mount point : C:\WINDOWS\Temp\MCE0023a\MCE0023a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0023a\MCE0023a

Found mount point : C:\WINDOWS\Temp\MCE0023b\MCE0023b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0023b\MCE0023b

Found mount point : C:\WINDOWS\Temp\MCE0023c\MCE0023c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0023c\MCE0023c

Found mount point : C:\WINDOWS\Temp\MCE0023d\MCE0023d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0023d\MCE0023d

Found mount point : C:\WINDOWS\Temp\MCE0023e\MCE0023e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0023e\MCE0023e

Found mount point : C:\WINDOWS\Temp\MCE0023f\MCE0023f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE0023f\MCE0023f

Found mount point : C:\WINDOWS\Temp\MCE00240\MCE00240

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00240\MCE00240

Found mount point : C:\WINDOWS\Temp\MCE00241\MCE00241

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00241\MCE00241

Found mount point : C:\WINDOWS\Temp\MCE00242\MCE00242

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00242\MCE00242

Found mount point : C:\WINDOWS\Temp\MCE00243\MCE00243

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00243\MCE00243

Found mount point : C:\WINDOWS\Temp\MCE00244\MCE00244

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00244\MCE00244

Found mount point : C:\WINDOWS\Temp\MCE00245\MCE00245

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCE00245\MCE00245

Found mount point : C:\WINDOWS\Temp\MCQTFILE00000\MCQTFILE00000

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCQTFILE00000\MCQTFILE00000

Found mount point : C:\WINDOWS\Temp\MCQTFILE00001\MCQTFILE00001

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\MCQTFILE00001\MCQTFILE00001

Found mount point : C:\WINDOWS\Temp\mcu10.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu10.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu102.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu102.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu11.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu11.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu12.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu12.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu128.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu128.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu13.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu13.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu13C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu13C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu14.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu14.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu145.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu145.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu15.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu15.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu15F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu15F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu16.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu16.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu160.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu160.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu17.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu17.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu18.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu18.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu181.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu181.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu184.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu184.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu19.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu19.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu1A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu1A.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu1B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu1B.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu1C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu1C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu1C3.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu1C3.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu1C7.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu1C7.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu1CB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu1CB.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu1D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu1D.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu1D2.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu1D2.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu1E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu1E.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu1F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu1F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu20.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu20.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu21.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu21.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu211.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu211.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu22.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu22.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu22B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu22B.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu23.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu23.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu23F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu23F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu24.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu24.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu24F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu24F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu25.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu25.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu26.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu26.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu27.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu27.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu277.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu277.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu28.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu28.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu29.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu29.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu2A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu2A.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu2B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu2B.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu2C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu2C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu2D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu2D.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu2E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu2E.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu2F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu2F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu2FC.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu2FC.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu2FF.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu2FF.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu30.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu30.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu31.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu31.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu32.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu32.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu33.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu33.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu34.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu34.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu35.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu35.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu36.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu36.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu37.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu37.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu38.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu38.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu39.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu39.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu3A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu3A.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu3B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu3B.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu3B9.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu3B9.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu3C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu3C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu3D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu3D.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu3D3.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu3D3.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu3E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu3E.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu3F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu3F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu40.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu40.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu40F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu40F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu41.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu41.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu42.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu42.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu43.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu43.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu44.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu44.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu45.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu45.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu46.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu46.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu47.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu47.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu48.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu48.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu49.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu49.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu4A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu4A.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu4B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu4B.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu4C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu4C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu4D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu4D.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu4E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu4E.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu4F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu4F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu50.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu50.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu51.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu51.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu52.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu52.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu53.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu53.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu54.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu54.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu55.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu55.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu56.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu56.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu57.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu57.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu57B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu57B.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu58.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu58.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu59.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu59.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu5A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu5A.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu5B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu5B.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu5C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu5C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu5D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu5D.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu5E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu5E.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu5F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu5F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu60.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu60.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu61.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu61.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu62.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu62.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu63.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu63.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu64.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu64.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu65.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu65.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu66.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu66.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu67.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu67.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu68.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu68.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu69.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu69.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu6A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu6A.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu6B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu6B.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu6C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu6C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu6D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu6D.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu6E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu6E.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu6F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu6F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu70.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu70.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu71.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu71.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu72.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu72.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu73.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu73.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu74.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu74.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu75.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu75.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu76.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu76.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu77.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu77.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu78.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu78.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu79.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu79.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu7A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu7A.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu7B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu7B.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu7C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu7C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu7D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu7D.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu7E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu7E.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu7F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu7F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu80.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu80.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu81.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu81.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu82.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu82.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu83.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu83.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu84.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu84.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu85.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu85.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu86.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu86.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu87.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu87.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu88.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu88.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu89.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu89.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu8A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu8A.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu8B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu8B.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu8C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu8C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu8D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu8D.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu8E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu8E.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu8F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu8F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu90.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu90.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu91.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu91.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu92.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu92.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu93.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu93.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu94.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu94.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu95.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu95.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu96.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu96.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu97.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu97.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu98.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu98.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu99.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu99.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu9A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu9A.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu9B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu9B.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu9C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu9C.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu9D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu9D.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu9E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu9E.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcu9F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcu9F.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuA0.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuA0.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuA1.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuA1.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuA2.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuA2.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuA3.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuA3.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuA4.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuA4.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuA5.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuA5.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuA6.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuA6.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuA7.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuA7.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuA8.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuA8.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuA9.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuA9.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuAA.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuAA.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuAB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuAB.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuAC.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuAC.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuAD.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuAD.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuAE.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuAE.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuAF.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuAF.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuB0.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuB0.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuB1.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuB1.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuB2.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuB2.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuB3.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuB3.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuB4.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuB4.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuB5.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuB5.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuB6.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuB6.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuB7.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuB7.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuB8.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuB8.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuB9.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuB9.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuBA.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuBA.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuBB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuBB.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuBC.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuBC.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuBD.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuBD.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuBE.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuBE.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuBF.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuBF.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuC0.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuC0.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuC1.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuC1.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuC2.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuC2.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuC3.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuC3.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuC4.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuC4.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuC5.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuC5.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuC6.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuC6.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuC7.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuC7.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuC8.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuC8.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuC9.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuC9.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuCA.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuCA.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuCB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuCB.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuCD.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuCD.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuDF.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuDF.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuE.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuE.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuE1.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuE1.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuE2.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuE2.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuE5.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuE5.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuF.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuF.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuF7.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuF7.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuF9.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuF9.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuFB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuFB.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\mcuFE.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mcuFE.tmp\vso\vso

Found mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor

Found mount point : C:\WINDOWS\Temp\vmgr4a15.tmp\vmgr4a15.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\vmgr4a15.tmp\vmgr4a15.tmp

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2



Finished!

#4 Dave1954

Dave1954
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 24 September 2009 - 08:50 PM

I executed the ComboFix after turning off McAfee. It detected a Rootkit problem (didn't say what it found) and rebooted my computer. After I entered my computer password a blue box came up for ComboFix. It says that 'GREP' is not recognized as an internal or external command, operable program or batch file.

Please wait.
ComboFix is preparing to run.

I haven't touched the box. It has been close to 2 hours with no apparent progress. How long do I wait? What do I do next? Thanks

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:15 PM

Posted 24 September 2009 - 09:53 PM

I executed the ComboFix after turning off McAfee. It detected a Rootkit problem (didn't say what it found) and rebooted my computer. After I entered my computer password a blue box came up for ComboFix. It says that 'GREP' is not recognized as an internal or external command, operable program or batch file.

Please wait.
ComboFix is preparing to run.

I haven't touched the box. It has been close to 2 hours with no apparent progress. How long do I wait? What do I do next? Thanks

It should not take more than 30 the most. End task to all and shut down Combofix.

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 Dave1954

Dave1954
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 25 September 2009 - 08:34 AM

GMER Results.log

Thanks

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-25 09:27:14
Windows 5.1.2600 Service Pack 3
Running: 2ln63ypk.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\pwliikob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF3FC34EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF3FC3498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF3FC34AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF3FC352A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF3FC3470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF3FC3484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF3FC34FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF3FC34D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF3FC34C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF3FC3559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF3FC3540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF3FC3514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AA000A
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AA0F8D
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AA0F9E
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AA0FB9
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AA0FCA
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AA005B
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AA0F55
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AA0F72
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AA00F8
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AA00DD
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!GetProcAddress 7C80AE40 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AA0F44
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AA006C
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AA0025
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AA009D
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AA0036
.text C:\WINDOWS\system32\svchost.exe[348] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AA00B8
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A9002C
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A9004E
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A9001B
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A90FE5
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A90F91
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A90000
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A90FAC
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C9, 88]
.text C:\WINDOWS\system32\svchost.exe[348] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A9003D
.text C:\WINDOWS\system32\svchost.exe[348] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A80044
.text C:\WINDOWS\system32\svchost.exe[348] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A80FB9
.text C:\WINDOWS\system32\svchost.exe[348] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\svchost.exe[348] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A8000C
.text C:\WINDOWS\system32\svchost.exe[348] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A80FD4
.text C:\WINDOWS\system32\svchost.exe[348] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A80029
.text C:\WINDOWS\system32\svchost.exe[348] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 009E0FD4
.text C:\WINDOWS\system32\svchost.exe[348] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[348] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 009E000A
.text C:\WINDOWS\system32\svchost.exe[348] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 009E0FC3
.text C:\WINDOWS\system32\svchost.exe[348] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D000A
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01430000
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01430095
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01430084
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01430073
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01430FB6
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01430FD1
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01430F59
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01430F74
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014300CD
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014300BC
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 014300DE
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01430058
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01430011
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01430F85
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0143003D
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0143002C
.text C:\WINDOWS\Explorer.EXE[440] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01430F48
.text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0142001B
.text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01420040
.text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0142000A
.text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01420FD4
.text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01420F83
.text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01420FE5
.text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01420F94
.text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [62, 89]
.text C:\WINDOWS\Explorer.EXE[440] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01420FAF
.text C:\WINDOWS\Explorer.EXE[440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01410FBE
.text C:\WINDOWS\Explorer.EXE[440] msvcrt.dll!system 77C293C7 5 Bytes JMP 0141003F
.text C:\WINDOWS\Explorer.EXE[440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0141002E
.text C:\WINDOWS\Explorer.EXE[440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0141000C
.text C:\WINDOWS\Explorer.EXE[440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01410FCF
.text C:\WINDOWS\Explorer.EXE[440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0141001D
.text C:\WINDOWS\Explorer.EXE[440] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 01260FDE
.text C:\WINDOWS\Explorer.EXE[440] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 01260FEF
.text C:\WINDOWS\Explorer.EXE[440] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 01260FC3
.text C:\WINDOWS\Explorer.EXE[440] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 01260FA8
.text C:\WINDOWS\Explorer.EXE[440] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BA0000
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D0000A
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D0004A
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00F55
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D00F72
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00F83
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00FB9
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D0007D
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D0006C
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D00EE4
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D00EFF
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D00ED3
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D00FA8
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D00FEF
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D0005B
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D0002F
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D00FDE
.text C:\Program Files\Messenger\msmsgs.exe[900] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D00F1A
.text C:\Program Files\Messenger\msmsgs.exe[900] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CE0FAB
.text C:\Program Files\Messenger\msmsgs.exe[900] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CE0FC6
.text C:\Program Files\Messenger\msmsgs.exe[900] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CE0FD7
.text C:\Program Files\Messenger\msmsgs.exe[900] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CE0000
.text C:\Program Files\Messenger\msmsgs.exe[900] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CE002C
.text C:\Program Files\Messenger\msmsgs.exe[900] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CE0011
.text C:\Program Files\Messenger\msmsgs.exe[900] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0FCA
.text C:\Program Files\Messenger\msmsgs.exe[900] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF0058
.text C:\Program Files\Messenger\msmsgs.exe[900] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF001B
.text C:\Program Files\Messenger\msmsgs.exe[900] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF0FEF
.text C:\Program Files\Messenger\msmsgs.exe[900] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CF0047
.text C:\Program Files\Messenger\msmsgs.exe[900] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CF000A
.text C:\Program Files\Messenger\msmsgs.exe[900] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CF0036
.text C:\Program Files\Messenger\msmsgs.exe[900] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CF0FB9
.text C:\Program Files\Messenger\msmsgs.exe[900] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CC0FE5
.text C:\Program Files\Messenger\msmsgs.exe[900] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 00CD0FEF
.text C:\Program Files\Messenger\msmsgs.exe[900] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 00CD000A
.text C:\Program Files\Messenger\msmsgs.exe[900] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 00CD0FDE
.text C:\Program Files\Messenger\msmsgs.exe[900] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 00CD0025
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0130000A
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0130007D
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01300F88
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01300062
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01300FAF
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01300036
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 013000BC
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0130009F
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01300F3E
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 013000D7
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013000F2
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01300051
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01300FE5
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0130008E
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01300025
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01300FD4
.text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01300F59
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 012F003D
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 012F0F80
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 012F002C
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 012F0011
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 012F0F91
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 012F0000
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 012F0FB6
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4F, 89]
.text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 012F0FC7
.text C:\WINDOWS\system32\services.exe[1024] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012E0F95
.text C:\WINDOWS\system32\services.exe[1024] msvcrt.dll!system 77C293C7 5 Bytes JMP 012E0FA6
.text C:\WINDOWS\system32\services.exe[1024] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012E0FC1
.text C:\WINDOWS\system32\services.exe[1024] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012E0FE3
.text C:\WINDOWS\system32\services.exe[1024] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012E0016
.text C:\WINDOWS\system32\services.exe[1024] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012E0FD2
.text C:\WINDOWS\system32\services.exe[1024] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D00F92
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00087
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D00076
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00065
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D0004A
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D00F4B
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D00F5C
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000C9
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D000A4
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D00F15
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D00F77
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D0002F
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\lsass.exe[1036] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D00F26
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0040
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF0F83
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF0025
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CF0F9E
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CF0FAF
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [EF, 88]
.text C:\WINDOWS\system32\lsass.exe[1036] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CF0FCA
.text C:\WINDOWS\system32\lsass.exe[1036] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE0064
.text C:\WINDOWS\system32\lsass.exe[1036] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FD9
.text C:\WINDOWS\system32\lsass.exe[1036] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0038
.text C:\WINDOWS\system32\lsass.exe[1036] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\lsass.exe[1036] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0049
.text C:\WINDOWS\system32\lsass.exe[1036] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE001D
.text C:\WINDOWS\system32\lsass.exe[1036] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D00091
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00080
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D00065
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00FA8
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00039
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D000B3
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D00F77
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000F0
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D000D5
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D00101
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D00054
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D000A2
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D00014
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D000C4
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0FC0
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF0073
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF001B
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF0FE5
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CF0058
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CF003D
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CF002C
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CE0F7A
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CE0F8B
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CE0FC1
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CE0F9C
.text C:\WINDOWS\system32\svchost.exe[1232] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CE0FD2
.text C:\WINDOWS\system32\svchost.exe[1232] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F50F9C
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F50087
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F50076
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F50065
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F50FB9
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F500B3
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F50F6B
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F50F46
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F500DF
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F50F35
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F5004A
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F5000A
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F500A2
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F5002F
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F50FD4
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F500CE
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F4001B
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F40073
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F40FCA
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F40FDB
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F40058
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F4003D
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F4002C
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F30FAB
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F3002C
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F30FD7
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F30000
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F30FBC
.text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F30011
.text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F2000A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F3000A
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F30098
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F30087
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F30FB9
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F30076
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F30FD4
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F300D0
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F30F88
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F300EB
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F30F52
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F30106
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F30065
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F3001B
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F300B3
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F30040
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F30F6D
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F20FCA
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F20065
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F2001B
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F2000A
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F20FA8
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F20FB9
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [12, 89]
.text C:\WINDOWS\System32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F20040
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F10042
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F10FB7
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F1001D
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F10FD2
.text C:\WINDOWS\System32\svchost.exe[1424] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F10000
.text C:\WINDOWS\System32\svchost.exe[1424] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F00000
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 029D0FEF
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 029D0069
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 029D0F7E
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 029D0058
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 029D0FA5
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 029D002C
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 029D0F4D
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 029D0095
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 029D00CB
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 029D0F28
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 029D0F17
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 029D0047
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 029D0000
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 029D0084
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 029D0FC0
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 029D0011
.text C:\WINDOWS\System32\svchost.exe[1428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 029D00A6
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 029C0036
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 029C008E
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 029C0025
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 029C0014
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 029C007D
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 029C0FEF
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 029C0058
.text C:\WINDOWS\System32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 029C0047
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02680036
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!system 77C293C7 5 Bytes JMP 02680025
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02680000
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02680FE3
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02680FB5
.text C:\WINDOWS\System32\svchost.exe[1428] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02680FD2
.text C:\WINDOWS\System32\svchost.exe[1428] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02470FEF
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenW 771BAF45 5 Bytes JMP 02480FEF
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenA 771C5796 5 Bytes JMP 0248000A
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlA 771C5A62 5 Bytes JMP 0248001B
.text C:\WINDOWS\System32\svchost.exe[1428] WININET.dll!InternetOpenUrlW 771D5BB2 5 Bytes JMP 02480036
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0065007F
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065006E
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F94
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650051
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650FC0
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006500B2
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006500A1
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500E8
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500D7
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650103
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650FAF
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0065001B
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00650090
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650036
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650F4F
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640FB9
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00640F68
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640FCA
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640FDB
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640F79
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00640F9E
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [84, 88]
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630FA8
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FC3
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630FD4
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630033
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0063000C
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00FE5
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00071
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A00056
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A0003B
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00F7C
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A00F35
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A00F50
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A00EF8
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A00F09
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A000AC
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00F8D
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00FD4
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A00F61
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A00F9E
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A00FB9
.text C:\WINDOWS\system32\svchost.exe[1832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A00F24
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0FB9
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0F83
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0F94
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\svchost.exe[1832] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F0025
.text C:\WINDOWS\system32\svchost.exe[1832] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0F89
.text C:\WINDOWS\system32\svchost.exe[1832] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0014
.text C:\WINDOWS\system32\svchost.exe[1832] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0FB5
.text C:\WINDOWS\system32\svchost.exe[1832] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FE3
.text C:\WINDOWS\system32\svchost.exe[1832] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0F9A
.text C:\WINDOWS\system32\svchost.exe[1832] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0FC6
.text C:\WINDOWS\system32\svchost.exe[1832] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E30089
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E3006E
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E3005D
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E30F94
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E3002C
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E300D0
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E300BF
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E30F4B
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E30F5C
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E300FF
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E30FA5
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E30011
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E300AE
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E30FC0
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E30FD1
.text C:\WINDOWS\system32\svchost.exe[1936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E30F6D
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E2002F
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E20F94
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E20FD4
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E20014
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E2005B
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E20FB9
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [02, 89]
.text C:\WINDOWS\system32\svchost.exe[1936] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E20040
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E1003D
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E1002C
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E10FBC
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E10FE3
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E10011
.text C:\WINDOWS\system32\svchost.exe[1936] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E10000
.text C:\WINDOWS\system32\svchost.exe[1936] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E00FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2408] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2408] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40F72
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40067
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40F83
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40040
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40FA8
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A40F57
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A40093
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A400CB
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A400BA
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40F17
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A4002F
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40082
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40FC3
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40FD4
.text C:\WINDOWS\system32\svchost.exe[3220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A40F3C
.text C:\WINDOWS\system32\svchost.exe[3220] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30022
.text C:\WINDOWS\system32\svchost.exe[3220] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30F98
.text C:\WINDOWS\system32\svchost.exe[3220] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30FD1
.text C:\WINDOWS\system32\svchost.exe[3220] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30011
.text C:\WINDOWS\system32\svchost.exe[3220] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30055
.text C:\WINDOWS\system32\svchost.exe[3220] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[3220] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A30044
.text C:\WINDOWS\system32\svchost.exe[3220] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A30033
.text C:\WINDOWS\system32\svchost.exe[3220] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20FB6
.text C:\WINDOWS\system32\svchost.exe[3220] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A2004B
.text C:\WINDOWS\system32\svchost.exe[3220] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20029
.text C:\WINDOWS\system32\svchost.exe[3220] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[3220] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A2003A
.text C:\WINDOWS\system32\svchost.exe[3220] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A20018

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00417004] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00417004] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\David\LOCALS~1\Temp\b.exe[1072] @ C:\WINDOWS\system32\wininet.dll [USER32.dll!CreateWindowExA] [00417004] C:\DOCUME~1\David\LOCALS~1\Temp\b.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00419B78] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00419BF0] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [00419D82] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MessageBoxW] [00419D8E] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [00419C68] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [00419BF0] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [00419D82] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ShowWindow] [00419C68] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [00419D16] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxW] [00419D8E] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxA] [00419D8E] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!MessageBoxIndirectW] [00419D7C] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamA] [00419D82] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [00419D82] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00419B78] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00419BF0] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxA] [00419D8E] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxW] [00419D8E] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [00419D7C] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [00419D7C] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00419D16] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [00419C68] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [00419D16] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!ShowWindow] [00419C68] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExA] [00419B78] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!MessageBoxW] [00419D8E] C:\WINDOWS\msa.exe
IAT C:\WINDOWS\msa.exe[1956] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!MessageBoxA] [00419D8E] C:\WINDOWS\msa.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat F046AD20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:15 PM

Posted 25 September 2009 - 10:46 AM

Hi, Dave1954

Download OTL.exe to your Desktop.
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    Explorer

    :Files
    C:\WINDOWS\msa.exe

    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.
Turn Off your security and attempt Combo-fix.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 Dave1954

Dave1954
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 25 September 2009 - 11:13 AM

OTL Report

I'll try Combo-Fix again after turning off McAfee

All processes killed
========== PROCESSES ==========
No active process named Explorer was found!
========== FILES ==========
File\Folder C:\WINDOWS\msa.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: David
->Temp folder emptied: 3388982 bytes
->Temporary Internet Files folder emptied: 129049103 bytes
->Java cache emptied: 56040761 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 11646007 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 71916846 bytes

User: YellowBar

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 11466395 bytes
File delete failed. C:\WINDOWS\temp\mcmsc_eJYDdTMS1LVHL3s scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_THLXgnwivZgZabO scheduled to be deleted on reboot.
Windows Temp folder emptied: 423964744 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 674.78 mb


OTL by OldTimer - Version 3.0.14.0 log created on 09252009_120225

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\mcmsc_eJYDdTMS1LVHL3s not found!
File\Folder C:\WINDOWS\temp\mcmsc_THLXgnwivZgZabO not found!

Registry entries deleted on Reboot...

#9 Dave1954

Dave1954
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 25 September 2009 - 11:45 AM

ComboFix completed. ComboFix.txt below. Let me know the next step when you get a chance. Thanks

ComboFix 09-09-24.01 - David 09/25/2009 12:20.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.387 [GMT -4:00]
Running from: c:\documents and settings\David\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\omyfulaqy.inf
c:\windows\abahowyro.vbs
c:\windows\run.log
c:\windows\system32\drivers\UACqqnboxwyex.sys
c:\windows\system32\net.net
c:\windows\system32\UACqmouemfnka.dat
c:\windows\system32\UACtfpknaiulm.dll
c:\windows\uzyz.inf

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-25 16:02 . 2009-09-25 16:02 -------- d-----w- C:\_OTL
2009-09-25 06:30 . 2009-09-25 06:30 288768 ----a-w- C:\2ln63ypk.exe
2009-09-24 15:21 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 15:21 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-24 15:21 . 2009-09-25 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 14:14 . 2009-09-24 23:59 0 ----a-r- c:\windows\win32k.sys
2009-09-21 01:04 . 2009-09-21 01:04 -------- d-----w- c:\documents and settings\David\Application Data\Malwarebytes
2009-09-21 01:04 . 2009-09-21 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-10 12:22 . 2009-09-10 12:22 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-10 12:21 . 2009-09-10 12:21 -------- d-----w- c:\program files\real
2009-09-10 07:13 . 2009-09-10 07:13 117608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-09 19:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 21:51 . 2009-09-07 21:51 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\IsolatedStorage
2009-09-07 21:50 . 2009-09-07 21:50 -------- d-----w- c:\program files\NetLibrary

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 01:22 . 2007-02-14 22:31 -------- d-----w- c:\program files\McAfee
2009-09-21 01:22 . 2006-02-27 16:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-16 13:19 . 2008-11-02 00:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-10 12:22 . 2005-12-13 08:33 -------- d-----w- c:\program files\Common Files\Real
2009-09-10 12:21 . 2005-12-13 08:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-10 10:38 . 2007-10-22 01:24 -------- d-----w- c:\program files\Dl_cats
2009-08-21 17:15 . 2006-02-15 14:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-15 03:44 . 2006-02-27 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-15 02:11 . 2006-09-26 12:42 -------- d-----w- c:\program files\Lavasoft
2009-08-15 02:09 . 2007-06-16 14:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-15 02:07 . 2007-10-21 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-15 01:56 . 2009-08-15 01:56 18257 ----a-w- c:\documents and settings\All Users\Application Data\hixoguko.bin
2009-08-15 01:56 . 2009-08-15 01:56 17659 ----a-w- c:\documents and settings\David\Application Data\qorafep.pif
2009-08-15 01:56 . 2009-08-15 01:56 11296 ----a-w- c:\windows\system32\xosoju.bin
2009-08-10 03:37 . 2006-02-01 13:27 48128 ----a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2004-08-11 23:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 16:32 . 2007-02-14 22:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-14 03:43 . 2004-08-11 23:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2007-02-14 22:32 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 17:44 . 2007-02-14 22:32 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-08 17:44 . 2007-02-14 22:32 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 17:44 . 2007-02-14 22:32 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 17:43 . 2007-02-14 22:32 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2008-11-09 23:25 . 2007-12-18 02:18 88 --sh--r- c:\windows\system32\70CE29B25D.sys
2008-11-09 23:25 . 2006-02-01 13:27 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"dlcdmon.exe"="c:\program files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 430080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 944\memcard.exe" [2005-06-27 282624]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-10 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"DLCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2007-11-12 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Dialer (OnStartup).lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Dialer (OnStartup).lnk
backup=c:\windows\pss\VPN Dialer (OnStartup).lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\oracle\\product\\10.2.0\\db_1\\jdk\\jre\\bin\\java.exe"=
"c:\\j2sdk1.4.2_10\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/1/2008 2:19 PM 206096]
R2 OracleServiceORCL;OracleServiceORCL;c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE ORCL --> c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE ORCL [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/14/2007 10:46 AM 24652]
R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S2 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR --> c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR [?]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ORCL --> c:\oracle\product\10.2.0\db_1\Bin\extjob.exe ORCL [?]
.
Contents of the 'Scheduled Tasks' folder

2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 01:26]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=na-proxy.alcoa.com:80
uInternet Settings,ProxyOverride = *.alcoa.com;*.*.alcoa.com;*.mrplastics.com;*.huck.com;*.fairchilddirect.com;*.howmet.com;*.rmc.com;147.154.*.*;192.168.*.*;192.55.195.*;155.248.*.*;10.*.*.*;137.27.*.*;142.79.*.*;*.alcoadirect.com;*.hewitt.com;*.*.rservices.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: zanettsolutions.com\bp
Trusted Zone: musicmatch.com\online
DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} - hxxps://bp.zanettsolutions.com/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-net - c:\windows\system32\net.net
AddRemove-Dell Game Console - c:\program files\WildTangent\Apps\Dell Game Console\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-25 12:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\system32\nmesrvc_core_2009_9_25_12_31_57.dmp 12308 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb10g_home1TNSListener]
"ImagePath"="c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(1464)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\oracle\product\10.2.0\db_1\BIN\isqlplussvc.exe
c:\oracle\product\10.2.0\db_1\BIN\oracle.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dlcdcoms.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-09-25 12:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-25 16:38

Pre-Run: 12,235,071,488 bytes free
Post-Run: 12,095,062,016 bytes free

271 --- E O F --- 2009-09-10 07:07

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:15 PM

Posted 25 September 2009 - 01:24 PM

Hi, Dave1954 :(

Lets search for remnants:

Please run the F-Secure Online Scanner

Note: You must use Internet Explorer for this scan!
  • Accept the License Agreement.
  • Once the ActiveX installs click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.
Note: Turn Off McAfee protection during this scan as it may interfere. You can turn it back On afterward.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 Dave1954

Dave1954
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 25 September 2009 - 07:44 PM

F-Secure Online Scanner completed. Below is report. Thanks

Scanning Report
Friday, September 25, 2009 18:59:30 - 20:40:49
Computer name: CONSULTINGPC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\


--------------------------------------------------------------------------------

10 malware found
TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.Adinterax (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Adtech (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Specificclick (spyware)
System (Disinfected)
TrackingCookie.Adbrite (spyware)
System (Disinfected)
TrackingCookie.Xiti (spyware)
System (Disinfected)
TrackingCookie.Webtrends (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 93446
System: 4126
Not scanned: 14
Actions:
Disinfected: 10
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\MCMSC_JRZWBPXKGHNNEFE
C:\WINDOWS\TEMP\SQLITE_6IGA3SIBHJSGFXE
C:\WINDOWS\TEMP\SQLITE_P27UWE2GTMY6YU6
C:\WINDOWS\TEMP\SQLITE_7S8TQQTFEUEIROO
C:\WINDOWS\TEMP\SQLITE_XWOXDCGHTHMWXJT
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_50E417E0-E461-474B-96E2-077B80325612

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

--------------------------------------------------------------------------------

Copyright 1998-2009 Product support | Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:15 PM

Posted 25 September 2009 - 10:03 PM

Hi, Dave1954 :(

All seems clear.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK..

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix
  • Click START then RUN
  • Now type or copy and paste "c:\documents and settings\David\Desktop\Combo-Fix.exe" /u in the runbox (including the quotation marks) and click OK. Note the space between the " and the /u, it needs to be there.
Create a Restore point (If the above process fails to do so):
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.
How is the computer doing?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 Dave1954

Dave1954
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 26 September 2009 - 06:07 AM

Computer appears fine. After I reinstalled anti-Malware software I was able to run a scan. Thanks so much for your prompt help!

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:15 PM

Posted 26 September 2009 - 11:27 AM

Hi, Dave1954 :(

Congratulations.

The following is a list of free tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - A useful tool which can search and annhilate bad files that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills bad files that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep bad files from installing on your system.
  • ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those bad files that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes! Posted Image

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:15 PM

Posted 04 October 2009 - 07:20 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users