Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

windows explorer is unavailable


  • This topic is locked This topic is locked
5 replies to this topic

#1 jrr91

jrr91

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 06 November 2009 - 06:53 PM

I suspected my system was infected with a virus or trojan as Mcafee wouldn't work, nor would Spybot S&D. Did a Mcafee online scan which determined it was sasser worm. Downloaded and ran Mcafee Stinger removal tool as recommended by their site. During the stinger scan my desktop and such disappeared, leaving only the wallpaper. I accessed the task mgr w/ctrl-alt-del and located explorer.exe. I received the message "...you may not have the appropriate permission to access the item." Nothing on the Mcafee site to help with this problem. I am using a Dell Dimension 4700 running Windows XP which has all current updates. I need to get this thing back in working order. What do I do next?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:20 AM

Posted 06 November 2009 - 08:31 PM

Some rootkits can terminate your security tools by changing the permissions on targeted programs so that they cannot run or complete scans. Further investigation is required to determine if this is the case with the issues you have described.

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad, then copy and paste the entire contents starting with Running from... to Finished!) in your next reply.
Then go to Posted Image > Run..., and copy and paste this command into the open box: cmd
press OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop and open in Notepad.
Copy and paste the contents of that file in your next reply.

-- Vista users can refer to these instructions to open a command prompt.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 jrr91

jrr91
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 06 November 2009 - 09:31 PM

Thank you for the prompt reply. Ran Win32kDiag.exe. Will post log.txt next.
Contents of win32kDiag.txt are as follows:

Running from: C:\Documents and Settings\User\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\User\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB939653\KB939653

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ADDINS\ADDINS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP121.tmp\ZAP121.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP13F.tmp\ZAP13F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP1AA.tmp\ZAP1AA.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP380.tmp\ZAP380.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages_v2.0.50727_32\Temp\ZAP385.tmp\ZAP385.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\TEMP\TEMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Cache\Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\explorer.exe

[1] 2007-06-13 05:26:03 1033216 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe (Microsoft Corporation)

[1] 2007-06-13 04:23:07 1033216 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe (Microsoft Corporation)

[1] 2004-08-03 16:56:50 1032192 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:19 1033728 C:\WINDOWS\explorer.exe ()

[1] 2008-04-13 18:12:19 1033728 C:\WINDOWS\ServicePackFiles\i386\explorer.exe (Microsoft Corporation)

[1] 2004-08-03 16:56:50 1032192 C:\i386\explorer.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\CHSIME\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMJP8_1\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMKR6_1\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\SHARED\RES\RES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}\{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\JAVA\CLASSES\CLASSES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe

[1] 2004-08-04 05:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:21 744448 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe ()

[1] 2008-04-13 18:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)

[1] 2004-08-04 05:00:00 743936 C:\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\88a28ec3847c01e056ff4268caaa255d\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\e9fe9a7f9083b5302f779977df11c395\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\eventlog.dll

[1] 2004-08-03 16:56:44 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 61952 C:\WINDOWS\SYSTEM32\eventlog.dll ()

[2] 2008-04-13 18:11:53 56320 C:\WINDOWS\SYSTEM32\logevent.dll (Microsoft Corporation)

[1] 2004-08-03 16:56:44 55808 C:\i386\eventlog.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\History\Results\Results

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00000\MCE00000

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00001\MCE00001

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00002\MCE00002

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00003\MCE00003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00004\MCE00004

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00005\MCE00005

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00006\MCE00006

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00007\MCE00007

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00008\MCE00008

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00009\MCE00009

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000a\MCE0000a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000b\MCE0000b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000c\MCE0000c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000d\MCE0000d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000e\MCE0000e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0000f\MCE0000f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00010\MCE00010

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00011\MCE00011

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00012\MCE00012

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00013\MCE00013

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00014\MCE00014

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00015\MCE00015

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00016\MCE00016

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00017\MCE00017

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00018\MCE00018

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00019\MCE00019

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001a\MCE0001a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001b\MCE0001b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001c\MCE0001c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001d\MCE0001d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001e\MCE0001e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0001f\MCE0001f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00020\MCE00020

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00021\MCE00021

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00022\MCE00022

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00023\MCE00023

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00024\MCE00024

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00025\MCE00025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00026\MCE00026

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00027\MCE00027

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00028\MCE00028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00029\MCE00029

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002a\MCE0002a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002b\MCE0002b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002c\MCE0002c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002d\MCE0002d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002e\MCE0002e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0002f\MCE0002f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00030\MCE00030

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00031\MCE00031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00032\MCE00032

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00033\MCE00033

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00034\MCE00034

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00035\MCE00035

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00036\MCE00036

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00037\MCE00037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00038\MCE00038

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00039\MCE00039

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003a\MCE0003a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003b\MCE0003b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003c\MCE0003c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003d\MCE0003d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003e\MCE0003e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0003f\MCE0003f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00040\MCE00040

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00041\MCE00041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00042\MCE00042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00043\MCE00043

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00044\MCE00044

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00045\MCE00045

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00046\MCE00046

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00047\MCE00047

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00048\MCE00048

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00049\MCE00049

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004a\MCE0004a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004b\MCE0004b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004c\MCE0004c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004d\MCE0004d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004e\MCE0004e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0004f\MCE0004f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00050\MCE00050

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00051\MCE00051

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00052\MCE00052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00053\MCE00053

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00054\MCE00054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00055\MCE00055

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00056\MCE00056

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00057\MCE00057

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00058\MCE00058

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00059\MCE00059

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005a\MCE0005a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005b\MCE0005b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005c\MCE0005c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005d\MCE0005d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005e\MCE0005e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0005f\MCE0005f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00060\MCE00060

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00061\MCE00061

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00062\MCE00062

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00063\MCE00063

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00064\MCE00064

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00065\MCE00065

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00066\MCE00066

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00067\MCE00067

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00068\MCE00068

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00069\MCE00069

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006a\MCE0006a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006b\MCE0006b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006c\MCE0006c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006d\MCE0006d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006e\MCE0006e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0006f\MCE0006f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00070\MCE00070

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00071\MCE00071

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00072\MCE00072

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00073\MCE00073

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00074\MCE00074

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00075\MCE00075

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00076\MCE00076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00077\MCE00077

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00078\MCE00078

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00079\MCE00079

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007a\MCE0007a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007b\MCE0007b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007c\MCE0007c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007d\MCE0007d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007e\MCE0007e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0007f\MCE0007f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00080\MCE00080

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00081\MCE00081

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00082\MCE00082

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00083\MCE00083

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00084\MCE00084

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00085\MCE00085

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00086\MCE00086

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00087\MCE00087

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00088\MCE00088

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00089\MCE00089

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008a\MCE0008a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008b\MCE0008b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008c\MCE0008c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008d\MCE0008d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008e\MCE0008e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0008f\MCE0008f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00090\MCE00090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00091\MCE00091

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00092\MCE00092

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00093\MCE00093

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00094\MCE00094

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00095\MCE00095

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00096\MCE00096

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00097\MCE00097

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00098\MCE00098

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE00099\MCE00099

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0009a\MCE0009a

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0009b\MCE0009b

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0009c\MCE0009c

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0009d\MCE0009d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0009e\MCE0009e

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE0009f\MCE0009f

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000a0\MCE000a0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000a1\MCE000a1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000a2\MCE000a2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000a3\MCE000a3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000a4\MCE000a4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000a5\MCE000a5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000a6\MCE000a6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000a7\MCE000a7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000a8\MCE000a8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000a9\MCE000a9

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000aa\MCE000aa

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ab\MCE000ab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ac\MCE000ac

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ad\MCE000ad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ae\MCE000ae

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000af\MCE000af

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000b0\MCE000b0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000b1\MCE000b1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000b2\MCE000b2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000b3\MCE000b3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000b4\MCE000b4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000b5\MCE000b5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000b6\MCE000b6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000b7\MCE000b7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000b8\MCE000b8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000b9\MCE000b9

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ba\MCE000ba

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000bb\MCE000bb

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000bc\MCE000bc

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000bd\MCE000bd

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000be\MCE000be

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000bf\MCE000bf

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000c0\MCE000c0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000c1\MCE000c1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000c2\MCE000c2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000c3\MCE000c3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000c4\MCE000c4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000c5\MCE000c5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000c6\MCE000c6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000c7\MCE000c7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000c8\MCE000c8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000c9\MCE000c9

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ca\MCE000ca

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000cb\MCE000cb

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000cc\MCE000cc

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000cd\MCE000cd

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ce\MCE000ce

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000cf\MCE000cf

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000d0\MCE000d0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000d1\MCE000d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000d2\MCE000d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000d3\MCE000d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000d4\MCE000d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000d5\MCE000d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000d6\MCE000d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000d7\MCE000d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000d8\MCE000d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000d9\MCE000d9

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000da\MCE000da

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000db\MCE000db

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000dc\MCE000dc

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000dd\MCE000dd

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000de\MCE000de

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000df\MCE000df

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000e0\MCE000e0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000e1\MCE000e1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000e2\MCE000e2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000e3\MCE000e3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000e4\MCE000e4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000e5\MCE000e5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000e6\MCE000e6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000e7\MCE000e7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000e8\MCE000e8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000e9\MCE000e9

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ea\MCE000ea

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000eb\MCE000eb

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ec\MCE000ec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ed\MCE000ed

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ee\MCE000ee

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000ef\MCE000ef

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000f0\MCE000f0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000f1\MCE000f1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000f2\MCE000f2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\MCE000f3\MCE000f3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu100.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu101.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu10B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu112.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu113.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu11B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu126.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu145.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu14D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu14F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu150.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu151.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu158.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu15A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu167.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu168.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu16B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu170.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu175.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu180.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu186.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu18A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu18D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu18F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu193.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu19B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu19C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1A2.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1AB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1AC.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1AD.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1B4.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1B8.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1BB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1BF.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1C8.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1E4.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1ED.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1F1.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1FA.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu1FC.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu20.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu21.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu215.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu22.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu226.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu23.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu238.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu23F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu24.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu244.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu248.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu24C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu24E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu25.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu258.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu26.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu27.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu28.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu29.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu2A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu2B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu2B2.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu2B4.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu2C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu2D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu2DF.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu2E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu2F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu30.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu30F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu31.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu313.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu32.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu33.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu333.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu334.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu34B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu39.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu391.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu3F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu4.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu44.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu45.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu46.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu48.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu4A.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu4B.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu4C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu4C5.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu4E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu50.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu51.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu52C.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu55.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu56.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu57.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu5F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu69.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu6F.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu70.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu72.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu77.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu791.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu7D.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu806.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu82.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu842.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu86.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu90.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu91.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu96.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu97.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcu9E.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuA0.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuAB.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuAC.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuB1.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuBF.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuC5.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuC8.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuCE.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuD9.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuDF.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuEF.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\mcuFF.tmp\vso\vso

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\SansaUpdater\SansaUpdater

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\_ISTMP0.DIR\_ISTMP0.DIR

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{4511E6C2-C2AD-4387-A111-70F2DB8F48C6}\Disk1\Disk1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{53620028-DD98-41A8-BDD7-DA6B10C49C92}\{53620028-DD98-41A8-BDD7-DA6B10C49C92}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{7A900EAB-DA37-4554-AF19-9C337476D05D}\{7A900EAB-DA37-4554-AF19-9C337476D05D}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{971C5099-088D-456A-84E6-4C143D40D2D1}\Disk1\Disk1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\{9E2514D9-DC24-4634-B348-61F3EF0F1628}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{B673B7FC-FADA-4C41-A5CD-C069F9D39879}\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{E2D27B84-6365-11D6-9BAF-0090271AF8A4}\{E2D27B84-6365-11D6-9BAF-0090271AF8A4}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}

Mount point destination : \Device\__max++>\^



Finished!

#4 jrr91

jrr91
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 06 November 2009 - 09:42 PM

Contents of log.txt is as follows:

Volume in drive C has no label.
Volume Serial Number is D495-AEBB

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/03/2004 04:56 PM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/03/2004 04:56 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/03/2004 04:56 PM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 06:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 06:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 06:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\SYSTEM32

04/13/2008 06:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SYSTEM32

04/13/2008 06:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SYSTEM32

04/13/2008 06:11 PM 61,952 eventlog.dll
3 File(s) 650,240 bytes

Total Files Listed:
9 File(s) 1,937,920 bytes
0 Dir(s) 16,724,090,880 bytes free

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:20 AM

Posted 06 November 2009 - 11:10 PM

************
It looks like there is a rootkit variant in this log. The rootkit itself is a protection module used to terminate a variety of security tools by changing the permissions on targeted programs so that they cannot run or complete scans. There are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by HJT team members or above.

Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.

Next please go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post the above Win32kDiag.exe log.

Let me know how that went.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:20 AM

Posted 07 November 2009 - 07:35 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/269726/suspected-rootkit-infection/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users