Avenger:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.comPlatform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "c:\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.
Completed script processing.
*******************
Finished! Terminate.
ComboFix:
ComboFix 09-11-06.03 - Chris 11/07/2009 9:31.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1463 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\goalie7960.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cleanup.exe
c:\documents and settings\Chris\Start Menu\Programs\Startup\scandisk.lnk
c:\documents and settings\Remote\Start Menu\Programs\Startup\scandisk.lnk
c:\program files\AV Care
c:\program files\Mozilla Firefox\extensions\{421068A6-5C0B-49DF-A122-71E15B71473F}
c:\program files\Mozilla Firefox\extensions\{421068A6-5C0B-49DF-A122-71E15B71473F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{421068A6-5C0B-49DF-A122-71E15B71473F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{421068A6-5C0B-49DF-A122-71E15B71473F}\install.rdf
c:\windows\Install.txt
c:\windows\isvchost.exe
c:\windows\run.log
c:\windows\system32\404Fix.exe
c:\windows\system32\4145167.exe
c:\windows\system32\8241_2.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Install.txt
c:\windows\system32\mscert.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vepewuko.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\xa.tmp
Infected copy of c:\windows\system32\drivers\iastor.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WIN32X
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_ovfsthlfioohgksrsunosvrkbnyxjmvqcdbhmw
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.
2009-11-07 14:25 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-07 14:25 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-03 00:24 . 2009-11-03 00:24 34816 ----a-w- c:\windows\system32\drivers\tatertot.scr.sys
2009-10-25 23:21 . 2009-10-25 23:21 117760 ----a-w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-25 23:20 . 2009-10-25 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-25 23:19 . 2009-10-25 23:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-25 23:19 . 2009-10-25 23:19 -------- d-----w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2009-10-25 23:19 . 2009-10-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 23:09 . 2009-10-25 23:09 -------- d-----w- c:\program files\trend micro
2009-10-25 23:09 . 2009-10-25 23:09 -------- d-----w- C:\rsit
2009-10-25 18:28 . 2009-10-25 18:28 -------- d-----w- c:\program files\Sophos
2009-10-25 18:17 . 2009-10-25 18:17 77 ----a-w- c:\windows\system32\uses32.dat
2009-10-25 13:40 . 2009-10-25 13:40 -------- d-----w- C:\found.000
2009-10-21 00:08 . 2009-10-21 00:08 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-20 23:54 . 2009-10-20 23:54 22368 ----a-w- c:\documents and settings\Remote\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 23:50 . 2009-10-20 23:50 -------- d-----w- c:\documents and settings\Remote\Local Settings\Application Data\Apple Computer
2009-10-20 23:17 . 2009-11-02 01:10 0 ----a-w- c:\windows\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 14:57 . 2006-05-06 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DIGStream
2009-11-07 14:56 . 2009-10-04 00:08 -------- d-----w- c:\documents and settings\Chris\Application Data\Dropbox
2009-11-03 01:42 . 2009-10-03 04:46 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 23:36 . 2009-10-20 23:36 0 ----a-w- c:\documents and settings\Chris\DB7.tmp
2009-10-20 23:36 . 2009-10-20 23:36 88576 ----a-w- c:\documents and settings\Chris\DB6.tmp
2009-10-20 23:35 . 2009-10-20 23:35 52 ----a-w- c:\documents and settings\Chris\DB0.tmp
2009-10-18 19:01 . 2009-09-12 16:36 -------- d-----w- c:\documents and settings\Chris\Application Data\vlc
2009-10-16 07:23 . 2009-06-26 12:30 362664 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-04 00:08 . 2009-10-04 00:08 89813 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\Uninstall.exe
2009-09-28 02:23 . 2006-12-10 00:11 -------- d-----w- c:\documents and settings\Chris\Application Data\dvdcss
2009-09-26 13:00 . 2006-02-10 20:45 -------- d-----w- c:\documents and settings\Chris\Application Data\Apple Computer
2009-09-26 12:56 . 2009-09-26 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-26 12:56 . 2008-12-05 01:15 -------- d-----w- c:\program files\iTunes
2009-09-26 12:55 . 2009-09-26 12:55 -------- d-----w- c:\program files\iPod
2009-09-26 12:55 . 2007-07-26 00:09 -------- d-----w- c:\program files\Common Files\Apple
2009-09-26 12:53 . 2009-09-26 12:52 -------- d-----w- c:\program files\QuickTime
2009-09-26 12:46 . 2009-09-26 12:46 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-26 12:44 . 2009-09-26 12:44 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-25 22:13 . 2009-09-25 22:13 26801794 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\Dropbox.exe
2009-09-25 05:37 . 2004-08-04 17:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 17:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-16 00:53 . 2009-04-25 18:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-16 00:53 . 2009-09-16 00:53 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-16 00:53 . 2008-03-16 19:01 38208 ----a-w- c:\documents and settings\Chris\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-12 22:40 . 2006-02-10 21:33 -------- d-----w- c:\program files\Microsoft SQL Server
2009-09-12 20:12 . 2009-09-12 20:12 552256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2009-09-12 20:12 . 2009-09-12 20:12 552256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2009-09-12 20:08 . 2006-02-10 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-12 20:04 . 2007-12-16 22:10 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-09-12 20:03 . 2007-12-16 22:08 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-09-12 20:01 . 2009-09-12 20:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-09-12 18:42 . 2007-12-17 09:58 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-09-12 18:42 . 2007-12-17 09:58 1721312 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-09-12 18:34 . 2006-02-10 21:23 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-09-12 16:48 . 2006-02-10 21:22 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-12 16:23 . 2006-02-10 21:23 -------- d-----w- c:\program files\Microsoft.NET
2009-09-12 14:04 . 2007-12-16 21:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-11 14:18 . 2004-08-04 17:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 17:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 23:42 . 2009-06-17 23:06 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2007-11-08 03:37 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2004-08-04 17:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 23:56 . 2009-08-24 23:56 0 ----a-w- c:\windows\PowerReg.dat
2006-05-06 16:42 . 2006-10-13 00:54 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2006-02-11 21:17 . 2006-02-11 21:16 56 --sha-r- c:\windows\system32\BFD3CF9B63.sys
2006-02-11 21:17 . 2006-02-11 21:16 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.3.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-11 133104]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DIGStream"="c:\program files\DIGStream\digstream.exe" [2005-10-31 278528]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"combofix"="c:\goalie7960\CF1602.exe" [2009-11-07 389120]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\Chris\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Chris\Application Data\Dropbox\bin\Dropbox.exe [2009-9-25 26801794]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\drivers\smss.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"autochk"=rundll32.exe c:\docume~1\Chris\protect.dll,_IWMPEvents@16
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DIGServices"=c:\program files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Return to Castle Wolfenstein - Game of The Year Edition\\WolfMP.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"c:\\TEST\\SocketsServer\\Debug\\SocketsServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\TEST\\UdpSender\\bin\\Debug\\UdpSender.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"=
"c:\\Program Files\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Adobe\\Flex Builder 3\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\memcached\\memcached-1.2.4-Win32-Preview-20080309_bin\\memcached.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6112:TCP"= 6112:TCP:war6112
"6113:TCP"= 6113:TCP:war6113
"6114:TCP"= 6114:TCP:war6114
"6115:TCP"= 6115:TCP:war6115
"6116:TCP"= 6116:TCP:war6116
"6117:TCP"= 6117:TCP:war6117
"6118:TCP"= 6118:TCP:war6118
"6119:TCP"= 6119:TCP:war6119
"13335:TCP"= 13335:TCP:BitComet 13335 TCP
"13335:UDP"= 13335:UDP:BitComet 13335 UDP
"80:TCP"= 80:TCP:SYSDLL
"7171:TCP"= 7171:TCP:SYSDLL
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 8:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 8:24 PM 74480]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\documents and settings\Chris\My Documents\virtualdrive\VCdRom.sys [12/17/2007 4:41 AM 8576]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 memcached Server;memcached Server;c:\memcached\memcached-1.2.4-Win32-Preview-20080309_bin\memcached.exe [2/14/2009 11:05 AM 172032]
S1 afmypwsz;afmypwsz;\??\c:\windows\system32\drivers\afmypwsz.sys --> c:\windows\system32\drivers\afmypwsz.sys [?]
S1 dkntgslz;dkntgslz;\??\c:\windows\system32\drivers\dkntgslz.sys --> c:\windows\system32\drivers\dkntgslz.sys [?]
S1 gbrqrikt;gbrqrikt;\??\c:\windows\system32\drivers\gbrqrikt.sys --> c:\windows\system32\drivers\gbrqrikt.sys [?]
S1 jqzifduo;jqzifduo;\??\c:\windows\system32\drivers\jqzifduo.sys --> c:\windows\system32\drivers\jqzifduo.sys [?]
S2 svn.local;Subversion Repository;"c:\program files\subversion\bin\svnserve.exe" --service --root c:\sourcecode --> c:\program files\subversion\bin\svnserve.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [8/27/2007 9:29 PM 16512]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\75.tmp --> c:\windows\system32\75.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 8:24 PM 7408]
S3 tatertot.scr;tatertot.scr;c:\windows\system32\drivers\tatertot.scr.sys [11/2/2009 7:24 PM 34816]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [8/15/2008 1:47 PM 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 1:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [8/15/2008 1:47 PM 369688]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder
2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-02 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-04 17:00]
2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2684849038-1165274592-3421407881-1006Core.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-11 00:30]
2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2684849038-1165274592-3421407881-1006UA.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-11 00:30]
2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-05 15:53]
2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-05 15:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\uugiba8t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\uugiba8t.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-lsdefrag - c:\docume~1\Chris\LOCALS~1\Temp\mwseoncrax.tmp
SharedTaskScheduler-{dda550d9-1007-4bf7-8803-3c3cd53d201a} - c:\windows\system32\pudatihi.dll
SSODL-gineyepiz-{dda550d9-1007-4bf7-8803-3c3cd53d201a} - c:\windows\system32\pudatihi.dll
AddRemove-AV Care - c:\program files\AV Care\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-11-07 09:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\75.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk21]
"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2684849038-1165274592-3421407881-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}\iexplore]
@DACL=(02 0000)
"Type"=dword:00000003
"Count"=dword:00000035
"Time"=hex:d9,07,0a,00,00,00,19,00,17,00,12,00,23,00,77,00
[HKEY_USERS\S-1-5-21-2684849038-1165274592-3421407881-1006\Software\SecuROM\License information*]
"datasecu"=hex:a3,5e,08,21,3c,cb,a7,f4,3e,30,52,de,aa,aa,e7,2b,fe,40,4f,ff,ac,
0a,bf,14,61,79,75,6d,1e,dc,5b,c4,e5,aa,36,03,a2,8e,b2,a7,66,92,17,36,d4,9f,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\DirectX Extensions\DXDebugService.exe
c:\program files\ESPNRunTime\DIGServices.exe
c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\logon.scr
.
**************************************************************************
.
Completion time: 2009-11-07 10:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 15:26
Pre-Run: 177,703,608,320 bytes free
Post-Run: 178,355,769,344 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=3
- - End Of File - - 00C710560917AB6B7A03E25FBE673811
Qoobox:
3ivx D4 4.5.1 (remove only)
7-Zip 4.62
ABBYY FineReader 5.0 Sprint Plus
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Flex Builder 3
Adobe Media Player
Adobe Reader 7.0.7
AiO_Scan_CDA
AiOSoftwareNPI
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AV Care
BufferChm
Civilization III
Civilization III v1.29f
Crystal Reports Basic for Visual Studio 2008
CustomerResearchQFolder
Data Lifeguard Tools
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Destinations
DeviceManagementQFolder
Digital Content Portal
DivX Content Uploader
DivX Web Player
Dropbox
DVD Decrypter (Remove Only)
EA Download Manager
Enterprise Library 4.1 - October 2008
EPSON Printer Software
ESPN RunTime
eSupportQFolder
Ethereal 0.99.0
F300
F300_Help
Fax_CDA
Google AFE
Google Chrome
Google Talk (remove only)
GoToMeeting 4.0.0.320
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Office (KB950278)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
ImTOO DVD to iPod Converter
ImTOO MP4 Video Converter
InstantShareDevicesMFC
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iPhone Configuration Utility
ISO Recorder
IsoBuster 2.1
iTunes
Java 6 Update 13
Learn2 Player (Uninstall Only)
Locomotion
Macromedia Flash Player
Magic Online
MarketResearch
MATLAB 6.1
McAfee SecurityCenter
McAfee Uninstaller
MCU
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Device Emulator version 3.0 - ENU
Microsoft DirectX SDK (June 2006)
Microsoft Document Explorer 2005
Microsoft Document Explorer 2008
Microsoft FrontPage Client - English
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Platform SDK (3790.1830)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server VSS Writer
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual SourceSafe 2005 - ENU
Microsoft Visual Studio .NET Professional 2003 - English
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 6.0 Professional Edition
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Web Platform Installer 2.0 RC
Microsoft Web Publishing Wizard 1.53
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
Microsoft XNA Framework Redistributable 1.0 Refresh
Microsoft XNA Game Studio Express 1.0 Refresh
Mozilla Firefox (3.0.14)
MSDN Library for Visual Studio 2005
MSDN Library for Visual Studio 2008 - ENU
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch for Windows Media Player
NewCopy_CDA
PowerISO
ProductContextNPI
QuickTime
Readme
Return to Castle Wolfenstein - Game of The Year Edition
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sid Meier's Pirates!
SmartSVN 3.0.6
SolutionCenter
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sophos Anti-Rootkit 1.5.0
SPORE™
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Status
SUPERAntiSpyware Free Edition
Toolbox
TrayApp
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wnyiper
TurboTax 2008 wrapper
TurboTax Deluxe 2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio .NET Professional 2003 - English
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
Visual Studio.NET Baseline - English
VLC media player 1.0.1
Warcraft III: All Products
WebFldrs XP
WebReg
WinAce Archiver
Winamp (remove only)
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows PowerShell 1.0
Windows XP Service Pack 3
WinPcap 3.1
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack
Xvid 1.1.3 final uninstall
Win32k:
Running from: C:\Documents and Settings\Chris\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Chris\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.VisualStudio\Microsoft.VisualStudio
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.VisualStudio\Microsoft.VisualStudio
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.VSDesigner\Microsoft.VSDesigner
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\Microsoft.VSDesigner\Microsoft.VSDesigner
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP103E.tmp\ZAP103E.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP103E.tmp\ZAP103E.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP88F.tmp\ZAP88F.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP88F.tmp\ZAP88F.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E.tmp\ZAP9E.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E.tmp\ZAP9E.tmp
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Found mount point : C:\WINDOWS\ERDNT\ERDNT
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ERDNT\ERDNT
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave
Found mount point : C:\WINDOWS\IIS Temporary Compressed Files\IIS Temporary Compressed Files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\IIS Temporary Compressed Files\IIS Temporary Compressed Files
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\chsime\applets\applets
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp\applets\applets
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp98\imejp98
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\shared\res\res
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\4E1DAD7D4F54B2B398A9AE271876CEF4\9.0.30729\9.0.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\4E1DAD7D4F54B2B398A9AE271876CEF4\9.0.30729\9.0.30729
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\50512592984F2284DAAF236CED4E1F41\8.0.6\8.0.6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\50512592984F2284DAAF236CED4E1F41\8.0.6\8.0.6
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\52CB9D6ECBD08634E8A4D7EE0866C19D\8.0.148\8.0.148
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\52CB9D6ECBD08634E8A4D7EE0866C19D\8.0.148\8.0.148
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\AC1F0757D610CA645B68DC4746E5BF25\8.0.211\8.0.211
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\AC1F0757D610CA645B68DC4746E5BF25\8.0.211\8.0.211
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\BC70ED3CF630CB5458DB6DFF5C3D6330\8.0.118\8.0.118
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\BC70ED3CF630CB5458DB6DFF5C3D6330\8.0.118\8.0.118
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\FC62732BFB866A144ABE271FF278EF50\8.0.63\8.0.63
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\FC62732BFB866A144ABE271FF278EF50\8.0.63\8.0.63
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\trustlib\trustlib
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\calculatorws\92c7313f\23f3740c\Sources_App_Code\Sources_App_Code
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\calculatorws\92c7313f\23f3740c\Sources_App_Code\Sources_App_Code
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\filesociety\c821ba29\e3c7dd37\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\filesociety\c821ba29\e3c7dd37\assembly\temp\temp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\filesociety\c821ba29\e3c7dd37\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\filesociety\c821ba29\e3c7dd37\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\firstws\cde43918\1e63efd2\Sources_App_Code\Sources_App_Code
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\firstws\cde43918\1e63efd2\Sources_App_Code\Sources_App_Code
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\flixviewer\4e9e8e7a\d2017f1\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\flixviewer\4e9e8e7a\d2017f1\assembly\temp\temp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\flixviewer\4e9e8e7a\d2017f1\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\flixviewer\4e9e8e7a\d2017f1\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\080df7b3\2dfeabb4\assembly\dl3\dl3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\080df7b3\2dfeabb4\assembly\dl3\dl3
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\080df7b3\2dfeabb4\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\080df7b3\2dfeabb4\assembly\temp\temp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\080df7b3\2dfeabb4\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\080df7b3\2dfeabb4\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\080df7b3\_shadow\_shadow
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\080df7b3\_shadow\_shadow
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\17c8c0e6\c94252b4\Sources_App_Code\Sources_App_Code
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\17c8c0e6\c94252b4\Sources_App_Code\Sources_App_Code
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\17c8c0e6\_shadow\_shadow
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\17c8c0e6\_shadow\_shadow
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\fefe6739\cb42274e\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\fefe6739\cb42274e\assembly\temp\temp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\fefe6739\cb42274e\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\luxlucet\fefe6739\cb42274e\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\n-layer\c815a361\6190b689\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\n-layer\c815a361\6190b689\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\25fb9cb6\24b11878\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\25fb9cb6\24b11878\assembly\temp\temp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\25fb9cb6\24b11878\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\25fb9cb6\24b11878\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\2eee3345\d8008b9a\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\2eee3345\d8008b9a\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\3bb84bb7\69b282ce\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\3bb84bb7\69b282ce\assembly\temp\temp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\3bb84bb7\69b282ce\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\3bb84bb7\69b282ce\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\6290363a\b8a7e008\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\6290363a\b8a7e008\assembly\temp\temp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\6290363a\b8a7e008\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\6290363a\b8a7e008\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\8a4095e4\ea32e11c\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\8a4095e4\ea32e11c\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9536b032\d335a284\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9536b032\d335a284\assembly\temp\temp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9536b032\d335a284\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9536b032\d335a284\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\a43b8d80\91f1ab8e\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\a43b8d80\91f1ab8e\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\b906c4fa\538d8a76\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\b906c4fa\538d8a76\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\c76fd534\caed7cce\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\c76fd534\caed7cce\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\c8e0cae6\86f9d6fe\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\c8e0cae6\86f9d6fe\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\de04c404\736e64c8\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\de04c404\736e64c8\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\de04c404\_shadow\_shadow
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\de04c404\_shadow\_shadow
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website\2de83f5a\b76707d7\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website\2de83f5a\b76707d7\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website\76c001fd\6ba32040\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website\76c001fd\6ba32040\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website\76c001fd\6ba32040\Sources_App_Code\Sources_App_Code
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website\76c001fd\6ba32040\Sources_App_Code\Sources_App_Code
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PIF\PIF
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Found mount point : C:\WINDOWS\setup.pss\setup.pss
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\setup.pss\setup.pss
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\95b0eb6de61f9c4758f6dd82521ed694\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\95b0eb6de61f9c4758f6dd82521ed694\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Finished!