Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't get rid of google redirecting me...


  • This topic is locked This topic is locked
26 replies to this topic

#1 lohsdog

lohsdog

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 07 December 2009 - 03:03 PM

I ran malware bytes and it said it deleted some files, but google redirects still occur. I've also tried online to find how to get rid of the redirects, but none of the methods worked. My logs are attached. I appreciate any help.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Lohse at 13:41:29.79 on Mon 12/07/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1470 [GMT -6:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lohse\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.charter.net/google/index.php?q=
uStart Page = hxxp://www.charter.net/
uWindow Title = Powered by Charter Communications
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Charter Toolbar: {4e7bd74f-2b8d-469e-85ab-af21f3d9ae2f} - c:\progra~1\charte~1\CHARTE~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: SciFinder Scholar Bar: {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Charter Toolbar: {4e7bd74f-2b8d-469e-85ab-af21f3d9ae2f} - c:\progra~1\charte~1\CHARTE~1.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [<NO NAME>]
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [OEM02Cfg.exe] OEM02Cfg.exe /d:1
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://eversave.coupons.smartsource.com/download/cscmv5X.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\clusapi32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\lohse\appdata\roaming\mozilla\firefox\profiles\oomglasp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.charter.net/google/index.php?q=
FF - component: c:\users\lohse\appdata\roaming\mozilla\firefox\profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2008\chemdraw\NPCDP32.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npSfAppM.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-6-12 73728]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-22 2477304]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-22 23888]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-3-19 111104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]

=============== Created Last 30 ================

2009-12-06 23:06:12 0 d-----w- c:\program files\chartertoolbar
2009-12-06 00:23:36 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-06 00:23:36 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-06 00:23:36 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-06 00:21:21 0 d-----w- c:\program files\Symantec
2009-12-06 00:04:10 0 d-----w- C:\Symantec_Endpoint_Protection11.0.5002
2009-12-05 23:57:03 0 d-----w- c:\programdata\Miracle
2009-12-05 22:23:07 0 d-----w- c:\program files\Perfect Optimizer
2009-12-03 00:18:16 0 d-----w- c:\windows\system32\CatRoot_bak
2009-12-02 17:17:58 0 d-----w- c:\windows\CheckSur
2009-12-02 14:59:32 0 d-----w- c:\windows\system32\EventProviders
2009-12-02 14:56:25 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-12-01 20:01:03 0 d-----w- c:\program files\Roxio Easy Media Creator 7.5
2009-12-01 19:40:30 1372 ----a-w- c:\windows\system32\vd0QbUaMKc4Su.vbs
2009-12-01 19:30:00 1372 ----a-w- c:\windows\system32\paYxwnPDdAcaK.vbs
2009-11-30 19:13:10 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-30 19:12:20 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-30 19:12:19 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-30 19:12:06 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-17 21:39:42 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-17 21:39:40 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-16 14:26:48 29272 ----a-r- c:\windows\system32\AdobePDF.dll

==================== Find3M ====================

2009-12-02 19:40:46 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-02 19:40:46 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-02 19:40:45 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-02 19:32:18 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-22 02:36:59 340341630 ----a-w- c:\windows\DUMP9185.tmp
2009-10-20 20:29:21 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-09-22 20:41:12 87608 ----a-w- c:\users\lohse\appdata\roaming\inst.exe
2009-09-22 20:41:12 47360 ----a-w- c:\users\lohse\appdata\roaming\pcouffin.sys
2009-09-10 17:30:12 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 15:21:53 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 15:21:07 310784 ----a-w- c:\windows\system32\unregmp2.exe
2008-06-18 14:13:04 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-03-19 16:28:43 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:42:24.74 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 lohsdog

lohsdog
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 10 December 2009 - 02:04 PM

I've tried to read other responses to this same problem, but I didn't want to run other programs or delete files that would only be specific to other's computers.

I know a lot of people have struggled with this problem and there is limited help. Please help whenever possible! I don't know if I just bumped my post or not. Sorry if I did.

Thanks.

Edited by lohsdog, 10 December 2009 - 02:22 PM.


#3 lohsdog

lohsdog
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 17 December 2009 - 10:14 AM

I'm not sure if my post got passed over, but I still have been having issues with google or any other searches redirecting me when I click on the links.

I ran combofix, attached is the log, but I still have the problem. And now every so often I get the fake virus alert webpage which I can't get rid of unless I end the whole firefox process through the task manager.

From what I read, I need to wait until someone responds, but many others who have posted after me seemed to have gotten help.

If anyone can help, I'd appreciate it.

Thanks.

Attached Files



#4 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:11 PM

Posted 20 December 2009 - 12:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE





Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#5 lohsdog

lohsdog
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 21 December 2009 - 01:26 PM

Thanks for your reply.

Attached is the DDS text and attach file. As I mentioned in the previous post, I tried combofix (attached results in previous post) but that didn't work either, before that, I had run Malwarebytes, but also with no success.

Thanks for your help.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Lohse at 12:19:48.71 on Mon 12/21/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1591 [GMT -6:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lohse\Desktop\dds.scr
C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.charter.net/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Charter Toolbar: {4e7bd74f-2b8d-469e-85ab-af21f3d9ae2f} - c:\progra~1\charte~1\CHARTE~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: SciFinder Scholar Bar: {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Charter Toolbar: {4e7bd74f-2b8d-469e-85ab-af21f3d9ae2f} - c:\progra~1\charte~1\CHARTE~1.DLL
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [OEM02Cfg.exe] OEM02Cfg.exe /d:1
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\lohse\appdata\roaming\mozilla\firefox\profiles\oomglasp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.charter.net/google/index.php?q=
FF - component: c:\users\lohse\appdata\roaming\mozilla\firefox\profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\lohse\appdata\roaming\mozilla\firefox\profiles\oomglasp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2008\chemdraw\NPCDP32.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npSfAppM.dll
FF - plugin: c:\users\lohse\appdata\roaming\mozilla\firefox\profiles\oomglasp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-6-12 73728]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-22 2477304]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-22 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-8 102448]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-3-19 111104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]

=============== Created Last 30 ================

2009-12-17 18:16:29 466944 ----a-w- c:\windows\system32\BSTIEPrintCtl1.dll
2009-12-16 20:49:49 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-16 20:49:47 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-16 20:49:47 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-16 20:40:26 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-16 20:40:25 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-16 20:19:33 0 d-sh--w- C:\$RECYCLE.BIN
2009-12-16 20:14:50 98816 ----a-w- c:\windows\sed.exe
2009-12-16 20:14:50 77312 ----a-w- c:\windows\MBR.exe
2009-12-16 20:14:50 260096 ----a-w- c:\windows\PEV.exe
2009-12-16 20:14:50 161792 ----a-w- c:\windows\SWREG.exe
2009-12-08 15:49:17 0 d-----w- c:\users\lohse\appdata\roaming\QuickScan
2009-12-08 15:12:01 0 d-----w- C:\VundoFix Backups
2009-12-06 23:06:12 0 d-----w- c:\program files\chartertoolbar
2009-12-06 00:23:36 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-06 00:23:36 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-06 00:23:36 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-06 00:21:21 0 d-----w- c:\program files\Symantec
2009-12-06 00:04:10 0 d-----w- C:\Symantec_Endpoint_Protection11.0.5002
2009-12-05 23:57:03 0 d-----w- c:\programdata\Miracle
2009-12-03 00:18:16 0 d-----w- c:\windows\system32\CatRoot_bak
2009-12-02 17:17:58 0 d-----w- c:\windows\CheckSur
2009-12-02 14:59:32 0 d-----w- c:\windows\system32\EventProviders
2009-12-02 14:56:25 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-12-01 20:01:03 0 d-----w- c:\program files\Roxio Easy Media Creator 7.5
2009-12-01 19:40:30 1372 ----a-w- c:\windows\system32\vd0QbUaMKc4Su.vbs
2009-12-01 19:30:00 1372 ----a-w- c:\windows\system32\paYxwnPDdAcaK.vbs
2009-11-30 19:13:10 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-30 19:12:20 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-30 19:12:19 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-30 19:12:06 714240 ----a-w- c:\windows\system32\timedate.cpl

==================== Find3M ====================

2009-12-02 19:40:46 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-02 19:40:46 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-02 19:40:45 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-02 19:32:18 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-22 02:36:59 340341630 ----a-w- c:\windows\DUMP9185.tmp
2009-10-20 20:29:21 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-09-22 20:41:12 87608 ----a-w- c:\users\lohse\appdata\roaming\inst.exe
2009-09-22 20:41:12 47360 ----a-w- c:\users\lohse\appdata\roaming\pcouffin.sys
2008-06-18 14:13:04 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-03-19 16:28:43 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 12:20:36.50 ===============

Attached Files


Edited by lohsdog, 21 December 2009 - 01:27 PM.


#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 AM

Posted 21 December 2009 - 05:08 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

==========

Right click and delete your current copy of Combofix.

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Posted Image

Posted Image

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.Posted Image
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* Exehelper log
* Combofix.txt
* OTL.txt
* Extra.txt
* Gmer log
* What do you usually use for antivirus protection? Symantec? Have you purposely disabled it or was this done by the malware?
* What problems remain?

Kind regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 lohsdog

lohsdog
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 21 December 2009 - 07:25 PM

Hey t,

Thanks for your help.

I ran exehelper, here is the log.

exeHelper by Raktor
Build 20091220
Run at 17:31:49 on 12/21/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


I also ran combofix as you said. here is the log:

ComboFix 09-12-20.08 - Lohse 12/21/2009 17:35:46.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1790 [GMT -6:00]
Running from: c:\users\Lohse\Desktop\thcbytes.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\ntuser.dat{4e59d608-5512-11de-9bf0-bb5ffc833df8}.TMContainer00000000000000000001.regtrans-ms
c:\users\Lohse\AppData\Roaming\02000000017cd520705C.manifest
c:\users\Lohse\AppData\Roaming\02000000017cd520705O.manifest
c:\users\Lohse\AppData\Roaming\02000000017cd520705P.manifest
c:\users\Lohse\AppData\Roaming\02000000017cd520705S.manifest
c:\users\Lohse\AppData\Roaming\inst.exe
c:\windows\System32\BSTIeprintctl1.dll
c:\windows\system32\paYxwnPDdAcaK.vbs
c:\windows\system32\vd0QbUaMKc4Su.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-21 23:41 . 2009-12-21 23:44 -------- d-----w- c:\users\Lohse\AppData\Local\temp
2009-12-21 23:41 . 2009-12-21 23:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-21 23:41 . 2009-12-21 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-16 20:49 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-16 20:49 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-16 20:49 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-16 20:40 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-16 20:40 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-08 15:49 . 2009-12-08 15:50 -------- d-----w- c:\users\Lohse\AppData\Roaming\QuickScan
2009-12-08 15:46 . 2009-12-08 15:46 -------- d-----w- c:\windows\BDOSCAN8
2009-12-08 15:12 . 2009-12-08 15:12 -------- d-----w- C:\VundoFix Backups
2009-12-06 23:06 . 2009-12-06 23:06 -------- d-----w- c:\program files\chartertoolbar
2009-12-06 00:23 . 2009-12-06 00:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-06 00:21 . 2009-12-06 00:23 -------- d-----w- c:\program files\Symantec
2009-12-06 00:04 . 2009-12-06 00:04 -------- d-----w- C:\Symantec_Endpoint_Protection11.0.5002
2009-12-05 23:57 . 2009-12-05 23:57 -------- d-----w- c:\programdata\Miracle
2009-12-03 00:18 . 2009-12-03 00:18 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-02 17:17 . 2009-12-02 17:17 -------- d-----w- c:\windows\CheckSur
2009-12-02 14:59 . 2009-12-02 14:59 -------- d-----w- c:\windows\system32\EventProviders
2009-12-02 14:56 . 2009-04-11 04:42 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-12-01 21:58 . 2009-12-01 21:58 -------- d-----w- c:\windows\Sun
2009-12-01 21:02 . 2009-12-01 21:02 -------- d-----w- c:\users\Lohse\AppData\Local\Roxio
2009-11-30 19:13 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-30 19:12 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-30 19:12 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 19:09 . 2009-09-09 14:39 -------- d-----w- c:\users\Lohse\AppData\Roaming\Vso
2009-12-16 21:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 09:00 . 2009-12-20 19:16 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091220.004\CCERASER.DLL
2009-12-06 00:25 . 2009-10-05 22:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-06 00:25 . 2009-10-05 22:33 -------- d-----w- c:\programdata\Symantec
2009-12-06 00:23 . 2009-12-06 00:23 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-06 00:23 . 2009-12-06 00:23 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-05 20:57 . 2009-10-20 19:14 -------- d-----w- c:\users\Lohse\AppData\Roaming\Uniblue
2009-12-02 19:32 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-02 14:59 . 2008-03-27 00:50 122984 ----a-w- c:\users\Lohse\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-01 21:53 . 2009-09-06 16:16 117760 ----a-w- c:\users\Lohse\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-01 21:52 . 2009-09-06 16:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-01 21:19 . 2008-03-19 09:02 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-12-01 21:06 . 2008-08-14 00:42 -------- d-----w- c:\users\Lohse\AppData\Roaming\Roxio
2009-12-01 20:48 . 2008-03-19 09:02 -------- d-----w- c:\program files\Roxio
2009-12-01 19:58 . 2008-06-07 05:03 -------- d-----w- c:\users\Lohse\AppData\Roaming\LimeWire
2009-11-26 23:39 . 2009-12-08 15:49 678912 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-26 23:37 . 2009-12-08 15:49 768512 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-19 17:48 . 2009-12-01 16:49 872960 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 17:48 . 2009-12-01 16:49 43008 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 17:48 . 2009-12-01 16:49 340480 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 17:48 . 2009-12-01 16:49 346624 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-17 21:43 . 2008-05-21 21:30 -------- d-----w- c:\programdata\Microsoft Help
2009-11-16 14:25 . 2008-05-20 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-16 09:00 . 2009-12-20 19:16 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091220.004\ECMSVR32.DLL
2009-11-16 09:00 . 2009-11-16 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
2009-11-03 02:42 . 2009-10-05 19:53 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 15:21 . 2009-10-27 01:07 -------- d-----w- c:\program files\DivX
2009-10-27 15:18 . 2008-03-19 08:57 -------- d-----w- c:\program files\Google
2009-10-27 15:17 . 2008-03-19 08:44 -------- d-----w- c:\program files\Creative
2009-10-27 15:17 . 2008-03-19 08:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 13:20 . 2009-12-16 20:45 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-16 20:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-16 20:45 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 01:13 . 2009-10-27 01:12 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-23 14:04 . 2009-02-25 13:56 -------- d-----w- c:\users\Lohse\AppData\Roaming\CyberLink
2009-10-22 21:46 . 2009-10-22 14:06 36864 ----a-w- c:\programdata\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
2009-10-22 21:01 . 2009-12-06 00:21 89600 -c--a-w- c:\programdata\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\System32\atl71.dll
2009-10-22 02:36 . 2008-03-19 16:03 340341630 ----a-w- c:\windows\DUMP9185.tmp
2009-10-20 20:29 . 2009-06-09 17:38 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
2008-03-19 16:28 . 2008-03-19 16:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-22 4352832]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-22 960528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"OEM02Cfg.exe"="OEM02Cfg.exe" [2007-08-28 28672]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-22 115560]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-19 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UnInstall SciFinder Scholar.lnk]
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Lohse^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-11-22 02:48 165144 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 17:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-10-09 23:56 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-06-29 20:28 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 19:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 19:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 20:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-12-01 21:52 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-01-04 16:02 222504 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 18:31 81920 ----a-w- c:\windows\System32\PCLECoInst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XFDLINK]
2007-11-26 18:54 45056 ----a-w- c:\program files\CrossFire Commander 7.1\xfdlink.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2052372012-1584203617-4053739633-1000]
"EnableNotificationsRef"=dword:00000001

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 1:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 1:49 PM 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [6/12/2009 3:58 PM 73728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/8/2009 8:59 AM 102448]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [10/22/2009 3:01 PM 23888]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [3/19/2008 10:29 AM 111104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 1:50 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.charter.net/google/index.php?q=
FF - component: c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npSfAppM.dll
FF - plugin: c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 17:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-12-21 17:50:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-21 23:50
ComboFix2.txt 2009-12-16 20:19

Pre-Run: 19,558,281,216 bytes free
Post-Run: 19,162,316,800 bytes free

- - End Of File - - D61ED6EBDDE2C85E5FA1BEA93DFA12A6



However, after running combofix, my system rebooted and I couldn't connect to the internet through firefox or IE. I get the following message:

"C:\ProgramFiles\MozillaFirefox\firefox.exe

Illegal operation attempted on a registry key that has been marked for deletion."



I have an older laptop that I was able to download the otl.exe file and the gmer.exe file and transfer the files through flash drive to my infected laptop, but when I try to run them, they all say the same message "Illegal operation attempted on a registry key that has been marked for deletion."

It also gives me the same message when I try to eject my flash drive

"C:\Windows\System32\rundll32.exe

Illegal operation attempted on a registry key that has been marked for deletion."


So I haven't been able to get back online through my infected computer or run the other programs.


I do have symantec as my antivirus, which says it was up to date and I manually disabled it before running combofix, but now symantec won't start up either.


I'm guessing I'll have to do a system restore?

Thanks for your help.

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 AM

Posted 21 December 2009 - 09:01 PM

No!! Do not do a System Restore. Your doing fine. That is a common error after Combofix. Everything is going fine. Reboot again and finish the steps please. Make sure you pick up where you left off and answer all questions. If you still receive errors then tell me about it. Do nothing other than what I suggest please.

If you still can't connect to the internet then please do this..
http://www.bleepingcomputer.com/combofix/h...ombofix#restore

Thanks,
~ t

Edited by thcbytes, 21 December 2009 - 09:08 PM.

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 lohsdog

lohsdog
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 21 December 2009 - 10:48 PM

Okay, I didn't do a system restore, but after rebooting, no more messages popped up.

I was able to run the other two programs. the logs are below. I have symantec as my antivirus, and I disabled it prior to using the programs.

After running the last two programs, I still get redirected whenever I click on a google link from any kind of search.


OTL logfile created on: 12/21/2009 8:21:05 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Users\Lohse\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.85 Gb Total Space | 17.90 Gb Free Space | 26.78% Space Free | Partition Type: NTFS
Drive D: | 49.76 Gb Total Space | 19.39 Gb Free Space | 38.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 10.00 Gb Total Space | 5.99 Gb Free Space | 59.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LOHSE-PC
Current User Name: Lohse
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/21 18:04:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Lohse\Desktop\OTL.exe
PRC - [2009/12/17 12:24:46 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/22 15:01:50 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/10/22 15:01:50 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/22 15:01:48 | 02,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/10/22 15:01:48 | 01,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/10/22 15:01:48 | 01,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/10/03 03:45:05 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/11/21 20:57:44 | 00,960,528 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/11/21 20:47:52 | 00,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/11/21 20:20:22 | 04,352,832 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 09:01:44 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2008/02/15 17:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
PRC - [2008/02/15 17:23:20 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/19 01:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2007/12/14 21:54:04 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/12/14 21:53:58 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/12/14 21:53:54 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/09/20 14:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 00:50:02 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 00:49:56 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 00:49:56 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/07 00:49:56 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/08/27 23:51:42 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/03/21 13:33:44 | 01,548,288 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2007/03/21 13:33:44 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2007/03/21 13:33:42 | 01,724,416 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2007/03/21 12:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 12:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/08/04 18:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe


========== Modules (SafeList) ==========

MOD - [2009/12/21 18:04:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Lohse\Desktop\OTL.exe
MOD - [2008/01/19 01:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/22 15:01:50 | 00,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/22 15:01:50 | 00,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/22 15:01:48 | 02,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/10/22 15:01:48 | 01,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/22 15:01:48 | 00,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 03,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/06/03 17:38:44 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/21 20:47:52 | 00,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/06 09:01:44 | 00,241,734 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/02/15 17:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008/01/19 01:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/02 17:34:30 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/10/26 14:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/10/09 17:56:30 | 00,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/09/20 14:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/06/04 21:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/06/04 21:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/21 13:33:44 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2007/03/21 12:00:04 | 00,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/02/22 18:53:16 | 02,217,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
SRV - [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/04 18:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/05 18:23:53 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/22 15:01:50 | 00,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/10/22 15:01:50 | 00,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/10/22 15:01:50 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/10/22 15:01:44 | 00,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/10/22 15:01:42 | 00,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/09/22 14:51:34 | 00,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009/09/17 01:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091221.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/09/17 01:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/17 01:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/17 01:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091221.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/09/10 13:15:50 | 00,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/09/10 13:15:44 | 00,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/09/10 13:15:44 | 00,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/09/10 13:15:41 | 00,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/09/09 08:39:32 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/09/04 13:50:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/04 13:50:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/04 13:49:58 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/03/19 10:28:43 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/03/19 10:28:43 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/03/19 10:28:42 | 00,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/02/15 17:27:02 | 00,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/14 21:54:26 | 00,111,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/12/14 21:53:56 | 01,674,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/12/06 08:51:00 | 00,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/11/14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/10/26 14:27:00 | 00,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/09/07 00:49:56 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/06 10:43:26 | 00,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 10:35:16 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 10:35:14 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 10:35:12 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/27 23:51:44 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/27 23:51:40 | 00,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/03/21 13:33:46 | 00,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/31 13:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 15:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/12 10:16:06 | 00,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/02 20:43:30 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 20:42:18 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 20:42:08 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 03:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 00,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 01:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/08/04 18:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/19 15:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/12/21 08:14:52 | 00,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 00,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 00,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 97 22 04 1B F7 78 4E A7 C1 7A 53 CF 95 66 CC [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 97 22 04 1B F7 78 4E A7 C1 7A 53 CF 95 66 CC [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 97 22 04 1B F7 78 4E A7 C1 7A 53 CF 95 66 CC [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 97 22 04 1B F7 78 4E A7 C1 7A 53 CF 95 66 CC [binary data]

IE - HKU\S-1-5-21-2052372012-1584203617-4053739633-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
IE - HKU\S-1-5-21-2052372012-1584203617-4053739633-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2052372012-1584203617-4053739633-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 97 22 04 1B F7 78 4E A7 C1 7A 53 CF 95 66 CC [binary data]
IE - HKU\S-1-5-21-2052372012-1584203617-4053739633-1000\S-1-5-21-2052372012-1584203617-4053739633-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.8.2
FF - prefs.js..extensions.enabledItems: {2104C0F5-952D-443c-AFCD-8F892F991F55}:2.0.0.0
FF - prefs.js..extensions.enabledItems: {fa8cb1bd-1442-439c-8225-b8b16983d9b7}:1.0
FF - prefs.js..extensions.enabledItems: {109f8a93-0972-414c-a1b5-b898d168289b}:1.0
FF - prefs.js..keyword.URL: "http://www.charter.net/google/index.php?q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 12:24:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 12:24:48 | 00,000,000 | ---D | M]

[2009/09/12 19:24:51 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\Mozilla\Extensions
[2009/09/12 19:24:51 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/21 12:27:31 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions
[2008/10/24 16:28:12 | 00,000,000 | ---D | M] (Coupon Manager) -- C:\Users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/12/01 14:50:10 | 00,000,000 | ---D | M] (XUL Cache) -- C:\Users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{109f8a93-0972-414c-a1b5-b898d168289b}
[2009/12/06 17:06:16 | 00,000,000 | ---D | M] (Charter Toolbar) -- C:\Users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{2104C0F5-952D-443c-AFCD-8F892F991F55}
[2009/12/08 09:49:01 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/12/06 17:06:15 | 00,000,000 | ---D | M] (Charter Update) -- C:\Users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
[2009/09/06 16:17:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/31 19:46:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2009/12/17 12:16:29 | 00,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2008/02/04 17:49:18 | 00,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007/05/16 09:30:04 | 00,036,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npSfAppM.dll

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O3 - HKU\S-1-5-21-2052372012-1584203617-4053739633-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2052372012-1584203617-4053739633-1000\..\Toolbar\WebBrowser: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Cfg.exe] C:\Windows\OEM02Cfg.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052372012-1584203617-4053739633-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052372012-1584203617-4053739633-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2052372012-1584203617-4053739633-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/18 07:37:46 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Program Files\Roxio
[2009/12/21 18:10:32 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Lohse\Desktop\OTL.exe
[2009/12/21 17:50:24 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/12/21 17:50:24 | 00,000,000 | ---D | C] -- C:\Users\Lohse\AppData\Local\temp
[2009/12/21 17:43:59 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/12/18 12:24:16 | 03,326,576 | ---- | C] (Piriform Ltd) -- C:\Users\Lohse\Desktop\ccsetup226.exe
[2009/12/16 14:49:49 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/16 14:49:47 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/16 14:45:21 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/16 14:45:20 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/16 14:45:20 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/12/16 14:45:20 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/12/16 14:45:20 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/16 14:45:19 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/12/16 14:45:19 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/12/16 14:45:19 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/16 14:45:18 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/16 14:45:18 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/12/16 14:40:26 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/12/16 14:40:25 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/12/16 14:14:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/12/16 14:14:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/12/16 14:14:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/12/16 14:14:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/12/16 14:14:15 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/14 13:02:48 | 00,000,000 | ---D | C] -- C:\Users\Lohse\Desktop\Burning software
[2009/12/11 19:46:42 | 00,355,974 | ---- | C] (Digital River, Inc.) -- C:\Users\Lohse\Desktop\Download middle_school_content_knowledge_study_guide_ebook_setup now.exe
[2009/12/08 13:07:39 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/08 09:49:17 | 00,000,000 | ---D | C] -- C:\Users\Lohse\AppData\Roaming\QuickScan
[2009/12/08 09:46:12 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/12/08 09:12:01 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/12/06 17:06:12 | 00,000,000 | ---D | C] -- C:\Program Files\chartertoolbar
[2009/12/05 18:23:36 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/12/05 18:21:21 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/12/05 18:04:10 | 00,000,000 | ---D | C] -- C:\Symantec_Endpoint_Protection11.0.5002
[2009/12/05 17:57:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Miracle
[2009/12/05 15:05:41 | 00,000,000 | ---D | C] -- C:\Users\Lohse\Documents\CyberLink
[2009/12/02 20:36:06 | 36,523,0920 | ---- | C] (Microsoft Corporation) -- C:\Users\Lohse\Desktop\Windows6.0-KB948465-X86.exe
[2009/12/02 18:18:16 | 00,000,000 | ---D | C] -- C:\Windows\System32\CatRoot_bak
[2009/12/02 11:17:58 | 00,000,000 | ---D | C] -- C:\Windows\CheckSur
[2009/12/02 08:59:32 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/12/01 15:58:43 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/12/01 15:02:39 | 00,000,000 | ---D | C] -- C:\Users\Lohse\AppData\Local\Roxio
[2009/11/30 13:13:10 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/30 13:12:06 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/09/09 08:39:32 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Lohse\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/21 20:20:01 | 03,407,872 | -HS- | M] () -- C:\Users\Lohse\ntuser.dat
[2009/12/21 20:18:00 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/21 20:17:59 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/21 20:17:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/21 20:17:48 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/21 20:17:27 | 32,107,84768 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/21 20:16:22 | 00,524,288 | -HS- | M] () -- C:\Users\Lohse\ntuser.dat{66bc2866-9ef6-11de-bf4f-001d094232b6}.TMContainer00000000000000000001.regtrans-ms
[2009/12/21 20:16:22 | 00,065,536 | -HS- | M] () -- C:\Users\Lohse\ntuser.dat{66bc2866-9ef6-11de-bf4f-001d094232b6}.TM.blf
[2009/12/21 20:16:13 | 02,054,230 | -H-- | M] () -- C:\Users\Lohse\AppData\Local\IconCache.db
[2009/12/21 18:40:55 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/21 18:40:55 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/21 18:40:55 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/21 18:07:06 | 00,293,376 | ---- | M] () -- C:\Users\Lohse\Desktop\2phrxs6w.exe
[2009/12/21 18:04:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Lohse\Desktop\OTL.exe
[2009/12/21 17:44:05 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/21 17:43:51 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/21 17:33:32 | 03,860,720 | R--- | M] () -- C:\Users\Lohse\Desktop\thcbytes.exe
[2009/12/21 14:20:23 | 00,001,830 | ---- | M] () -- C:\Users\Lohse\Desktop\CyberLink PowerDirector.lnk
[2009/12/21 12:00:00 | 00,000,362 | ---- | M] () -- C:\Windows\tasks\PerfectOptimizer_home.job
[2009/12/20 08:35:36 | 00,030,720 | ---- | M] () -- C:\Users\Lohse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 12:27:37 | 00,001,672 | ---- | M] () -- C:\Users\Lohse\Desktop\CCleaner.lnk
[2009/12/18 12:24:20 | 03,326,576 | ---- | M] (Piriform Ltd) -- C:\Users\Lohse\Desktop\ccsetup226.exe
[2009/12/16 08:35:19 | 00,000,198 | ---- | M] () -- C:\Users\Lohse\vgalusr1.vr
[2009/12/14 12:44:06 | 00,002,627 | ---- | M] () -- C:\Users\Lohse\Desktop\Microsoft Office Word 2007.lnk
[2009/12/12 18:31:54 | 02,233,785 | ---- | M] () -- C:\Users\Lohse\Desktop\jamaica 8.dzm
[2009/12/12 18:22:39 | 02,853,159 | ---- | M] () -- C:\Users\Lohse\Desktop\Film Fest.dzm
[2009/12/12 18:13:15 | 04,192,731 | ---- | M] () -- C:\Users\Lohse\Desktop\Cinema 3 (dvd menü).dzm
[2009/12/11 19:46:43 | 00,355,974 | ---- | M] (Digital River, Inc.) -- C:\Users\Lohse\Desktop\Download middle_school_content_knowledge_study_guide_ebook_setup now.exe
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2009/12/05 18:23:53 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/12/05 18:23:53 | 00,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/12/05 18:23:53 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/12/02 20:47:47 | 36,523,0920 | ---- | M] (Microsoft Corporation) -- C:\Users\Lohse\Desktop\Windows6.0-KB948465-X86.exe
[2009/12/02 09:24:53 | 00,417,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/02 08:59:35 | 00,122,984 | ---- | M] () -- C:\Users\Lohse\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/01 15:09:30 | 00,142,780 | ---- | M] () -- C:\Users\Lohse\AppData\Local\imageCache7.db
[2009/11/30 19:58:29 | 00,070,656 | ---- | M] () -- C:\Users\Lohse\Desktop\Property Information.doc
[2009/11/27 21:12:40 | 00,002,231 | ---- | M] () -- C:\Users\Lohse\Desktop\iTunes.lnk
[2009/11/23 17:10:02 | 00,058,407 | ---- | M] () -- C:\Users\Lohse\Desktop\MOM.cdx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/21 18:10:32 | 00,293,376 | ---- | C] () -- C:\Users\Lohse\Desktop\2phrxs6w.exe
[2009/12/21 17:33:31 | 03,860,720 | R--- | C] () -- C:\Users\Lohse\Desktop\thcbytes.exe
[2009/12/16 14:14:50 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2009/12/16 14:14:50 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/12/16 14:14:50 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/12/16 14:14:50 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/16 14:14:50 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/12 18:30:45 | 02,233,785 | ---- | C] () -- C:\Users\Lohse\Desktop\jamaica 8.dzm
[2009/12/12 18:16:02 | 02,853,159 | ---- | C] () -- C:\Users\Lohse\Desktop\Film Fest.dzm
[2009/12/12 18:11:10 | 04,192,731 | ---- | C] () -- C:\Users\Lohse\Desktop\Cinema 3 (dvd menü).dzm
[2009/12/05 18:23:36 | 00,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/12/05 18:23:36 | 00,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/12/05 16:24:21 | 00,000,362 | ---- | C] () -- C:\Windows\tasks\PerfectOptimizer_home.job
[2009/12/01 15:08:36 | 00,142,780 | ---- | C] () -- C:\Users\Lohse\AppData\Local\imageCache7.db
[2009/11/30 12:06:38 | 00,070,656 | ---- | C] () -- C:\Users\Lohse\Desktop\Property Information.doc
[2009/11/23 14:01:35 | 00,058,407 | ---- | C] () -- C:\Users\Lohse\Desktop\MOM.cdx
[2009/10/26 19:12:54 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/10/22 19:57:58 | 00,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2009/09/19 11:45:51 | 00,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/09 08:40:21 | 00,000,034 | ---- | C] () -- C:\Users\Lohse\AppData\Roaming\pcouffin.log
[2009/09/09 08:39:32 | 00,007,887 | ---- | C] () -- C:\Users\Lohse\AppData\Roaming\pcouffin.cat
[2009/09/09 08:39:32 | 00,001,144 | ---- | C] () -- C:\Users\Lohse\AppData\Roaming\pcouffin.inf
[2009/09/05 14:58:11 | 00,000,680 | ---- | C] () -- C:\Users\Lohse\AppData\Local\d3d9caps.dat
[2009/09/05 14:38:35 | 00,000,106 | ---- | C] () -- C:\Windows\System32\winset.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/09 10:55:24 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{4e59d608-5512-11de-9bf0-bb5ffc833df8}.TMContainer00000000000000000002.regtrans-ms
[2009/06/09 10:55:24 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{4e59d608-5512-11de-9bf0-bb5ffc833df8}.TM.blf
[2009/06/09 10:55:24 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2009/06/09 10:55:24 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2009/06/09 10:55:23 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2009/05/30 10:06:09 | 00,000,537 | ---- | C] () -- C:\Users\Lohse\AppData\Roaming\solvents.map
[2009/05/30 10:04:26 | 00,000,107 | ---- | C] () -- C:\Users\Lohse\AppData\Roaming\sites.dat
[2009/04/13 11:42:14 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009/04/13 11:42:14 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009/04/05 15:10:27 | 00,029,239 | ---- | C] () -- C:\Users\Lohse\AppData\Roaming\UserTile.png
[2009/03/25 13:47:23 | 00,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/02/24 18:38:49 | 00,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/11/07 10:11:04 | 00,002,045 | -H-- | C] () -- C:\Windows\System32\whlpdms32a.dll
[2008/11/06 10:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 10:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/10/20 16:15:37 | 00,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008/06/17 12:25:42 | 00,002,048 | ---- | C] () -- C:\Windows\System32\syscvchk.dll
[2008/06/11 23:35:15 | 00,001,848 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/06/02 08:57:39 | 00,000,552 | ---- | C] () -- C:\Users\Lohse\AppData\Local\d3d8caps.dat
[2008/04/15 20:58:22 | 00,030,720 | ---- | C] () -- C:\Users\Lohse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/19 10:29:11 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/19 10:29:11 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/19 10:29:11 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008/03/19 10:29:09 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/03/19 10:29:08 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/19 02:44:05 | 00,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/10/26 14:28:18 | 00,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/09/18 21:16:39 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\1ClickDVDCopy
[2009/09/15 13:43:53 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\Acronis
[2009/08/29 10:54:21 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\CCDC
[2009/06/09 11:09:08 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\DataSafeOnline
[2009/12/01 13:58:31 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\LimeWire
[2009/09/12 19:55:05 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\NCH Swift Sound
[2009/04/05 15:10:27 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\PeerNetworking
[2009/12/08 09:50:25 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\QuickScan
[2009/04/08 10:38:54 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\ScholarToolbar
[2009/10/18 09:14:46 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\tmp
[2009/12/05 14:57:32 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\Uniblue
[2009/12/21 13:09:26 | 00,000,000 | ---D | M] -- C:\Users\Lohse\AppData\Roaming\Vso
[2009/12/21 12:00:00 | 00,000,362 | ---- | M] () -- C:\Windows\Tasks\PerfectOptimizer_home.job
[2009/12/21 20:16:28 | 00,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/03/19 10:15:35 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/03/19 10:15:35 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2008/03/19 10:15:35 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008/03/19 10:15:35 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008/03/19 10:15:35 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/03/19 10:16:11 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_e6b2949c\atapi.sys
[2008/03/19 10:16:11 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=3E39E69F31F95D056703212E94320899 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20544_none_dbb443eb3d9db847\atapi.sys
[2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/19 10:16:00 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2008/03/19 10:28:43 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2008/03/19 10:28:43 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2008/03/19 10:28:43 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2008/03/19 10:28:43 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2008/03/19 10:15:33 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2008/03/19 10:15:33 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2008/03/19 10:16:00 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2008/03/19 10:16:00 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/03/26 19:06:48 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/03/26 19:06:48 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/03/26 19:06:47 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/03/26 19:06:47 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 20:34:04 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/09/06 10:43:26 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys
[2007/03/21 11:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/06 10:43:26 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/06 10:43:26 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/09/06 10:43:26 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
[2007/03/21 11:59:30 | 00,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 01:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 01:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: LOGEVENT.DLL >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\found.000\dir0000.chk\logevent.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2006/11/02 03:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 03:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\AppPatch\Custom\Custom] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C04.tmp\ZAP5C04.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP671B.tmp\ZAP671B.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\temp\temp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\tmp\tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Installations\Downloaded Installations] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ehome\CreateDisc\style\style] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Globalization\Globalization] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Help\Corporate\Corporate] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\8.0.0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\java\classes\classes] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\LiveKernelReports\LiveKernelReports] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Microsoft.NET\authman\authman] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ModemLogs\ModemLogs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\nap\configuration\configuration] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Panther\setup.exe\setup.exe] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\PLA\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SchCache\SchCache] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\security\logs\logs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\security\templates\templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Links\Links] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Music\Music] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Links\Links] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Music\Music] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16752_none_f06dce5c6e7a7dc0\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16752_none_f06dce5c6e7a7dc0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20919_none_f129aec387715c4e\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20919_none_f129aec387715c4e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18143_none_f25fdd386b980c17\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18143_none_f25fdd386b980c17] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22267_none_f2d7db5384c2491f\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22267_none_f2d7db5384c2491f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16738_none_d7f8bf26f95e2296\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16738_none_d7f8bf26f95e2296] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20904_none_d89ecc7412670658\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20904_none_d89ecc7412670658] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18130_none_d9d6fb7cf68be8cf\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18130_none_d9d6fb7cf68be8cf] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22252_none_da4cf9040fb7f329\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22252_none_da4cf9040fb7f329] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.22181_none_d867f28696ca3d06\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.22181_none_d867f28696ca3d06] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16757_none_a9b61b23f5cc373c\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16757_none_a9b61b23f5cc373c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20927_none_aa6029990ed1805a\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20927_none_aa6029990ed1805a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16757_none_29e0813e6824c817\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16757_none_29e0813e6824c817] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20927_none_2a8a8fb3812a1135\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20927_none_2a8a8fb3812a1135] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16757_none_628d2249b11ab295\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16757_none_628d2249b11ab295] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20927_none_633730beca1ffbb3\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20927_none_633730beca1ffbb3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22278_none_64e85e2cc76e3489\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22278_none_64e85e2cc76e3489] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16757_none_46139f1146606e40\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16757_none_46139f1146606e40] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20927_none_46bdad865f65b75e\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20927_none_46bdad865f65b75e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16757_none_588635106739b071\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16757_none_588635106739b071] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20927_none_59304385803ef98f\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20927_none_59304385803ef98f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16757_none_e6868ec8949e06cd\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16757_none_e6868ec8949e06cd] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20927_none_e7309d3dada34feb\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20927_none_e7309d3dada34feb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16757_none_0b2ec3e4d718c67f\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16757_none_0b2ec3e4d718c67f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20927_none_0bd8d259f01e0f9d\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20927_none_0bd8d259f01e0f9d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\0409\0409] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\Branding\en-US\en-US] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\catroot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\com\dmp\dmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\Journal\Journal] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Silverlight\Silverlight] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\10] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\12] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\13] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\14] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\16] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\17] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\18] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\19] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\20] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\21] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\22] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\23] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\27] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\28] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\29] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\30] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\31] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\33] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\34] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\35] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\36] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\37] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\38] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\39] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\40] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\41] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\42] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\43] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\46] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\49] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\50] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\51] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\53] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\54] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\55] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\56] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\58] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\60] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\61] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\63] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\9] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host\host] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin\muffin] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\DriverStore\FileRepository\hpc3500e.inf_06974e49\I386\I386] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\DriverStore\FileRepository\hpopia.inf_39eab573\I386\I386] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\ENU\ENU] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\GroupPolicy\GroupPolicy] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\GroupPolicyUsers\GroupPolicyUsers] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\inetsrv\inetsrv] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\MUI\dispspec\dispspec] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\setup\en-US\en-US] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\SMI\Manifests\Manifests] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\spool\drivers\IA64\IA64] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\spool\drivers\x64\x64] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\spool\SERVERS\SERVERS] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\System] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter\SyncCenter] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar\WindowsCalendar] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\wbem\MOF\bad\bad] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\wbem\MOF\good\good] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\winevt\TraceFormat\TraceFormat] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\tracing\tracing] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\winsxs\InstallTemp\InstallTemp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\winsxs\Temp\PendingRenames\PendingRenames] -> \Device\__max++>\^ -> Mount Point
< End of report >



OTL Extras logfile created on: 12/21/2009 8:21:05 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Users\Lohse\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.85 Gb Total Space | 17.90 Gb Free Space | 26.78% Space Free | Partition Type: NTFS
Drive D: | 49.76 Gb Total Space | 19.39 Gb Free Space | 38.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 10.00 Gb Total Space | 5.99 Gb Free Space | 59.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LOHSE-PC
Current User Name: Lohse
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2052372012-1584203617-4053739633-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2052372012-1584203617-4053739633-1000]
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10D11F4B-D5FB-4840-ABDD-FEA74E439BEF}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{12B7A4D6-A9B2-4960-86C2-68E315C46FD7}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{18BD6C20-C14D-4B79-914B-3105E8F60F2B}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{23D956F0-262F-431D-96C2-F91DD1E019BE}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{2E0AB8EB-D1EA-49D9-9C43-3997CA936D54}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{3AC6FC93-34CB-43AD-85B7-B58C018BEFAA}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{3C7EFDE3-333D-4BC2-AD18-6E473E7F1416}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{43FF157D-A5D2-493D-BC91-C0E8E4C16D75}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{50D4F213-2681-425E-AF72-C4081EDAF6AD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5CD90034-9CC1-4ACE-8149-3DDB784996B4}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{5E7B820A-CC8C-4362-B60C-37F8238F1FCD}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{62F6E9DA-F5B7-405A-8B98-D73CDE263422}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{63248A86-4AE9-4196-BF3E-EA48A55502FE}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{865F9B45-4642-428A-90DD-56386C9242B6}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{8B7D7642-9DC5-4A03-86A7-8DA1DA403C91}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{9B894E25-4846-448E-8D0C-F2A41B2B3580}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{A049AEAA-3029-497D-AEC6-F80C10EDE177}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{A6AB341E-8EF4-42B0-9C0C-742BC06D7B12}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{A80CEE76-AC75-4DBC-BBA8-9E9CB6C6AFA4}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{A9D6C06A-5A0E-4D55-910A-E723BCB770D7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BE4289BF-6CB4-4552-AD3E-CD7AC6327894}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{D23E3C40-EFE7-45A2-9035-7FF078E26D3E}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{D73B456F-73D7-468A-BC7B-9668EE53771B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{FD446478-1C6A-4B46-B5AB-0B0DC3706EAD}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"TCP Query User{04F2E73A-4657-4FAC-8F73-DE242F1D3FC8}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe |
"TCP Query User{058221C5-AE59-459E-82F8-FE69EA09FD56}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{32970AF3-1C46-45D3-BBAF-92D1FD9FEE4F}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{35F0FFCE-E245-4B53-A833-43CEB5F4174A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{3E579D48-E0A6-4AF4-A78C-9BFEDD5F9A2D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9D880D90-A4CF-4DC1-8421-DE9CF0CBC1FD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{ACE0F64C-B677-4273-BE74-98D5E47AFFAB}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe |
"TCP Query User{BAB4C161-6C3C-4445-B211-75AEDC2992D1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DA667874-7C61-46AE-9745-C1B4E5F6EDA8}C:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe |
"UDP Query User{30C7CF1C-0CE3-4E84-9882-26EE157C6B97}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe |
"UDP Query User{35F383F3-2C30-4AFA-97B6-F9FB256DA5A8}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{3E3B9A01-BC97-43AB-ADFF-02722C785E4E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{4941CDDC-8239-4061-84E1-645FEEA8080C}C:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files\cambridgesoft\chemoffice2008\chemdraw\chemdraw.exe |
"UDP Query User{4D541109-8983-4430-840C-78BB892F9AA9}C:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files\cambridgesoft\chemoffice2008\chem3d\chem3d.exe |
"UDP Query User{6EE20713-14EF-4E4A-B6C5-17B5DB864B29}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{73D28C47-00B3-44FF-A7CB-625430C783E5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BD2B8B4E-140F-4377-803C-6966110BEA38}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FFD1C439-24A7-4C2C-8FF1-C0BD0CE056BE}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{12377A05-0062-47F9-9CB9-AAAF8C22D645}" = SciFinder Scholar 2007
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{19D196C4-8D02-4CBF-AF49-7D40C73C2602}" = CambridgeSoft ChemScript 11.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{455F9ACD-4967-446B-9174-8C87EA895F2A}" = SciFinder Scholar Toolbar
"{46471218-6964-4B04-A055-A701D29DF6C6}" = CrossFire Commander 7.1
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{863F58EF-467F-4BCC-A40B-D2304630DEA1}" = CambridgeSoft Activation Client
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F1482413-D644-45D4-8E2A-FBDCEC18142A}" = CambridgeSoft ChemOffice Ultra 2008
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 3.2.3.2
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.7 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_817" = Adobe Acrobat 8.1.7 - CPSID_50029
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"chartertoolbar" = Charter Toolbar
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer2.0" = Coupon Printer
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DVD43_is1" = DVD43 v4.4.1
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.5.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{F1482413-D644-45D4-8E2A-FBDCEC18142A}" = CambridgeSoft ChemOffice Ultra 2008
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Basic)
"LimeWire" = LimeWire 4.18.8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MV RegClean 5.0 English_is1" = MV RegClean 5.0 English

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2052372012-1584203617-4053739633-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Charter Browser Updater" = Charter Browser Updater
"QUICKMEDIACONVERTER" = Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/5/2009 8:04:53 PM | Computer Name = Lohse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 12/5/2009 8:05:20 PM | Computer Name = Lohse-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 12/5/2009 8:19:40 PM | Computer Name = Lohse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 12/5/2009 8:19:41 PM | Computer Name = Lohse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 12/5/2009 8:20:35 PM | Computer Name = Lohse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 12/5/2009 8:20:37 PM | Computer Name = Lohse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 12/5/2009 8:26:36 PM | Computer Name = Lohse-PC | Source = Symantec AntiVirus | ID = 16711754
Description = TruScan has generated an error: code 11: description: Whitelist Failure

Error - 12/8/2009 11:12:59 AM | Computer Name = Lohse-PC | Source = Application Error | ID = 1000
Description = Faulting application FindAWF.exe, version 1.40.1.0, time stamp 0x2a425e19,
faulting module kernel32.dll, version 6.0.6001.18215, time stamp 0x49953395, exception
code 0xc0000005, fault offset 0x000bf395, process id 0x1264, application start time
0x01ca7818ed65cb20.

Error - 12/8/2009 12:22:31 PM | Computer Name = Lohse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 12/8/2009 12:22:32 PM | Computer Name = Lohse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ Broadcom Wireless LAN Events ]
Error - 8/4/2009 10:24:12 PM | Computer Name = LOHSE-PC | Source = WLAN-Tray | ID = 0
Description = 21:24:12, Tue, Aug 04, 09 Error - Unable to gain access to user store


Error - 9/5/2009 5:03:44 PM | Computer Name = Lohse-PC | Source = WLAN-Tray | ID = 0
Description = 16:03:44, Sat, Sep 05, 09 Error - Unable to gain access to user store


Error - 9/5/2009 10:32:52 PM | Computer Name = Lohse-PC | Source = WLAN-Tray | ID = 0
Description = 21:32:51, Sat, Sep 05, 09 Error - Unable to gain access to user store


Error - 9/6/2009 7:59:32 PM | Computer Name = Lohse-PC | Source = WLAN-Tray | ID = 0
Description = 18:59:28, Sun, Sep 06, 09 Error - Unable to gain access to user store


Error - 10/14/2009 12:26:59 PM | Computer Name = Lohse-PC | Source = WLAN-Tray | ID = 0
Description = 11:26:58, Wed, Oct 14, 09 Error - Unable to gain access to user store


Error - 10/21/2009 10:42:17 PM | Computer Name = Lohse-PC | Source = WLAN-Tray | ID = 0
Description = 21:42:14, Wed, Oct 21, 09 Error - Unable to gain access to user store


Error - 10/27/2009 11:23:11 AM | Computer Name = Lohse-PC | Source = WLAN-Tray | ID = 0
Description = 10:23:08, Tue, Oct 27, 09 Error - Unable to gain access to user store


Error - 12/15/2009 1:30:35 PM | Computer Name = Lohse-PC | Source = WLAN-Tray | ID = 0
Description = 11:30:31, Tue, Dec 15, 09 Error - Unable to gain access to user store


Error - 12/21/2009 7:43:31 PM | Computer Name = Lohse-PC | Source = WLAN-Tray | ID = 0
Description = 17:43:28, Mon, Dec 21, 09 Error - Unable to gain access to user store


[ OSession Events ]
Error - 9/8/2008 6:57:26 PM | Computer Name = Lohse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 187561
seconds with 3660 seconds of active time. This session ended with a crash.

Error - 8/18/2009 2:15:13 PM | Computer Name = Lohse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1544
seconds with 300 seconds of active time. This session ended with a crash.

Error - 8/22/2009 11:52:52 AM | Computer Name = Lohse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1854
seconds with 120 seconds of active time. This session ended with a crash.

Error - 8/28/2009 11:15:58 AM | Computer Name = Lohse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 167679
seconds with 1560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/21/2009 6:56:03 PM | Computer Name = Lohse-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 001F3A4C4B9F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/21/2009 7:34:54 PM | Computer Name = Lohse-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/21/2009 7:35:04 PM | Computer Name = Lohse-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/21/2009 7:35:05 PM | Computer Name = Lohse-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/21/2009 7:41:27 PM | Computer Name = Lohse-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/21/2009 7:41:36 PM | Computer Name = Lohse-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 12/21/2009 7:43:25 PM | Computer Name = Lohse-PC | Source = HTTP | ID = 15016
Description =

Error - 12/21/2009 7:44:12 PM | Computer Name = Lohse-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/21/2009 10:17:57 PM | Computer Name = Lohse-PC | Source = HTTP | ID = 15016
Description =

Error - 12/21/2009 10:18:28 PM | Computer Name = Lohse-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-21 21:37:52
Windows 6.0.6001 Service Pack 1
Running: 2phrxs6w.exe; Driver: C:\Users\Lohse\AppData\Local\Temp\uglcapoc.sys


---- System - GMER 1.0.15 ----

SSDT 87270A70 ZwAlertResumeThread
SSDT 8726EA70 ZwAlertThread
SSDT 876C7A20 ZwAllocateVirtualMemory
SSDT 86D7DD58 ZwCreateMutant
SSDT 87736C98 ZwCreateThread
SSDT 86D77928 ZwFreeVirtualMemory
SSDT 87274A70 ZwImpersonateAnonymousToken
SSDT 87272A70 ZwImpersonateThread
SSDT 86D7BB58 ZwMapViewOfSection
SSDT 87277A70 ZwOpenEvent
SSDT 8724FA70 ZwOpenProcessToken
SSDT 86D7BCC0 ZwOpenThreadToken
SSDT 87258A70 ZwResumeThread
SSDT 8725DA70 ZwSetContextThread
SSDT 86D77458 ZwSetInformationProcess
SSDT 86D784D0 ZwSetInformationThread
SSDT 8706AF28 ZwSuspendProcess
SSDT 8726BA70 ZwSuspendThread
SSDT 87260A70 ZwTerminateProcess
SSDT 87269A70 ZwTerminateThread
SSDT 8725EA70 ZwUnmapViewOfSection
SSDT 876D2310 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 822B8914 8 Bytes [70, 0A, 27, 87, 70, EA, 26, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 822B8928 4 Bytes [20, 7A, 6C, 87]
.text ntkrnlpa.exe!KeSetTimerEx + 428 822B89EC 4 Bytes [58, DD, D7, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 454 822B8A18 4 Bytes [98, 6C, 73, 87] {CWDE ; INSB ; JAE 0xffffffffffffff8b}
.text ntkrnlpa.exe!KeSetTimerEx + 568 822B8B2C 4 Bytes [28, 79, D7, 86]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743F88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744398A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743FB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743EFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743F7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743EEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7442B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743FBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743F074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743F06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743E71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7447D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74417379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743EE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743E697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743E69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743F2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device volmgr.sys (Volume Manager Driver/Microsoft Corporation)

AttachedDevice tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D2973C3-88C1-4F83-B6FE-A71715EA4802}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C50940DA-3D02-403B-A0B3-660571D73ACA}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D2973C3-88C1-4F83-B6FE-A71715EA4802}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D2973C3-88C1-4F83-B6FE-A71715EA4802}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D2973C3-88C1-4F83-B6FE-A71715EA4802}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D2973C3-88C1-4F83-B6FE-A71715EA4802}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C50940DA-3D02-403B-A0B3-660571D73ACA}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C50940DA-3D02-403B-A0B3-660571D73ACA}@Path \Microsoft\Windows Defender\MP Scheduled Signature Update
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C50940DA-3D02-403B-A0B3-660571D73ACA}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C50940DA-3D02-403B-A0B3-660571D73ACA}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {2D2973C3-88C1-4F83-B6FE-A71715EA4802}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Signature Update@Id {C50940DA-3D02-403B-A0B3-660571D73ACA}
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\Logfiles\Srt\SrtTrail.log 18540 bytes

---- EOF - GMER 1.0.15 ----



Thanks again.

#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 AM

Posted 22 December 2009 - 12:25 AM

Hello,

Please take your time and carefully follow the instructions outlined below.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\Windows\System32\logevent.dll
C:\found.000\dir0000.chk\logevent.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal

==========

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    [2009/12/20 08:35:36 | 00,030,720 | ---- | M] () -- C:\Users\Lohse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [C:\Windows\AppPatch\Custom\Custom] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C04.tmp\ZAP5C04.tmp] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP671B.tmp\ZAP671B.tmp] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\assembly\temp\temp] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\assembly\tmp\tmp] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Downloaded Installations\Downloaded Installations] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ehome\CreateDisc\style\style] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Globalization\Globalization] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Help\Corporate\Corporate] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\8.0.0] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\java\classes\classes] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\LiveKernelReports\LiveKernelReports] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Microsoft.NET\authman\authman] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ModemLogs\ModemLogs] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\nap\configuration\configuration] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\Panther\setup.exe\setup.exe] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\PLA\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SchCache\SchCache] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\security\logs\logs] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\security\templates\templates] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\Links\Links] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\Music\Music] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\LocalService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\Links\Links] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\Music\Music] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\ServiceProfiles\NetworkService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16752_none_f06dce5c6e7a7dc0\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16752_none_f06dce5c6e7a7dc0] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20919_none_f129aec387715c4e\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20919_none_f129aec387715c4e] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18143_none_f25fdd386b980c17\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18143_none_f25fdd386b980c17] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22267_none_f2d7db5384c2491f\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22267_none_f2d7db5384c2491f] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16738_none_d7f8bf26f95e2296\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16738_none_d7f8bf26f95e2296] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20904_none_d89ecc7412670658\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20904_none_d89ecc7412670658] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18130_none_d9d6fb7cf68be8cf\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18130_none_d9d6fb7cf68be8cf] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22252_none_da4cf9040fb7f329\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22252_none_da4cf9040fb7f329] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.22181_none_d867f28696ca3d06\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.22181_none_d867f28696ca3d06] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16757_none_a9b61b23f5cc373c\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16757_none_a9b61b23f5cc373c] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20927_none_aa6029990ed1805a\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20927_none_aa6029990ed1805a] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16757_none_29e0813e6824c817\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16757_none_29e0813e6824c817] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20927_none_2a8a8fb3812a1135\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20927_none_2a8a8fb3812a1135] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16757_none_628d2249b11ab295\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16757_none_628d2249b11ab295] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20927_none_633730beca1ffbb3\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20927_none_633730beca1ffbb3] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22278_none_64e85e2cc76e3489\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22278_none_64e85e2cc76e3489] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16757_none_46139f1146606e40\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16757_none_46139f1146606e40] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20927_none_46bdad865f65b75e\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20927_none_46bdad865f65b75e] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16757_none_588635106739b071\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16757_none_588635106739b071] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20927_none_59304385803ef98f\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20927_none_59304385803ef98f] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16757_none_e6868ec8949e06cd\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16757_none_e6868ec8949e06cd] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20927_none_e7309d3dada34feb\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20927_none_e7309d3dada34feb] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16757_none_0b2ec3e4d718c67f\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16757_none_0b2ec3e4d718c67f] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20927_none_0bd8d259f01e0f9d\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20927_none_0bd8d259f01e0f9d] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\0409\0409] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\Branding\en-US\en-US] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\catroot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\com\dmp\dmp] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\Journal\Journal] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Silverlight\Silverlight] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\0] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\1] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\10] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\12] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\13] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\14] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\16] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\17] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\18] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\19] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\20] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\21] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\22] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\23] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\27] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\28] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\29] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\30] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\31] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\33] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\34] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\35] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\36] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\37] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\38] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\39] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\40] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\41] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\42] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\43] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\46] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\49] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\50] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\51] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\53] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\54] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\55] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\56] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\58] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\60] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\61] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\63] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\8] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\9] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host\host] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin\muffin] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\DriverStore\FileRepository\hpc3500e.inf_06974e49\I386\I386] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\DriverStore\FileRepository\hpopia.inf_39eab573\I386\I386] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\ENU\ENU] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\GroupPolicy\GroupPolicy] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\GroupPolicyUsers\GroupPolicyUsers] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\inetsrv\inetsrv] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\MUI\dispspec\dispspec] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\setup\en-US\en-US] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\SMI\Manifests\Manifests] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\spool\drivers\IA64\IA64] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\spool\drivers\x64\x64] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\spool\SERVERS\SERVERS] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\System] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter\SyncCenter] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar\WindowsCalendar] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\wbem\MOF\bad\bad] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\wbem\MOF\good\good] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\System32\winevt\TraceFormat\TraceFormat] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\tracing\tracing] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\winsxs\InstallTemp\InstallTemp] -> \Device\__max++>\^ -> Mount Point
    [C:\Windows\winsxs\Temp\PendingRenames\PendingRenames] -> \Device\__max++>\^ -> Mount Point
    
    :Files
    c:\users\Lohse\AppData\Local\temp
    c:\users\Public\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
==========

Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it.A black Command Prompt window will appear shortly: the program is running. If you are using Vista please right click and run as Admin!
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========

Please save this file to your desktop.
  • Select Posted Image
  • Select All Programs
  • Select Accessories
  • Right click Command Prompt and choose Run as administrator

    Posted Image
  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
Copy-paste the following command (the bolded text) into the "cmd" box, and click enter. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

==========

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Limewire

Likely your original portal of infection.

Additional instructions can be found here if needed.

==========

Please download MBR.EXE by GMER. Save the file in your root directory. (C:\)
  • Open Notepad and copy and paste the text in the codebox below (excluding the word Code) into Notepad.
    @echo off
    cd\
    mbr.exe -t
    start mbr.log
  • Next, select File --> Save As, change file type to All Files (*.*), and save it as fixme.bat in your c:\ folder.
  • Open your c:\folder right-click on fixme.bat and select Run as Administrator. A logfile will open (C:\mbr.log). Please paste the contents in your next reply.
==========

1. Download the file TDSSKiller.zip and extract it to your desktop.
2. Click start->run->copy-paste "%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v into the textbox and press enter.
3. report.txt should be generated into same location with TDSSKiller.exe. Post contents of that report, please.

==========

With your next post please provide:

* Upload results
* OTL fix log
* Peek log.txt
* Win32kDiag.txt
* Mbr log
* TDSSKiller log
* Still getting redirected?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 lohsdog

lohsdog
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 22 December 2009 - 07:37 PM

Here are all the results

Filename: logevent.dll
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 23 Dec 2009 00:53:52 (CET) Permalink
File size: 11776 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: 7f15b4953378c8b5161d65c26d5fed4d
SHA1: 50b57fedd78bee8a329d03b03f482bcc424a7820


Filename: logevent.dll
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 23 Dec 2009 00:57:12 (CET) Permalink

File size: 11776 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: 7f15b4953378c8b5161d65c26d5fed4d
SHA1: 50b57fedd78bee8a329d03b03f482bcc424a7820


All processes killed
========== OTL ==========
C:\Users\Lohse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Windows\DUMP9185.tmp deleted successfully.
Mount Point C:\Windows\AppPatch\Custom\Custom removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C04.tmp\ZAP5C04.tmp removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP671B.tmp\ZAP671B.tmp removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp removed successfully!
Mount Point C:\Windows\assembly\temp\temp removed successfully!
Mount Point C:\Windows\assembly\tmp\tmp removed successfully!
Mount Point C:\Windows\Downloaded Installations\Downloaded Installations removed successfully!
Mount Point C:\Windows\ehome\CreateDisc\style\style removed successfully!
Mount Point C:\Windows\Globalization\Globalization removed successfully!
Mount Point C:\Windows\Help\Corporate\Corporate removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\8.0.0 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0 removed successfully!
Mount Point C:\Windows\java\classes\classes removed successfully!
Mount Point C:\Windows\LiveKernelReports\LiveKernelReports removed successfully!
Mount Point C:\Windows\Microsoft.NET\authman\authman removed successfully!
Mount Point C:\Windows\ModemLogs\ModemLogs removed successfully!
Mount Point C:\Windows\nap\configuration\configuration removed successfully!
Mount Point C:\Windows\Panther\setup.exe\setup.exe removed successfully!
Mount Point C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES removed successfully!
Mount Point C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF removed successfully!
Mount Point C:\Windows\PLA\Templates\Templates removed successfully!
Mount Point C:\Windows\registration\CRMLog\CRMLog removed successfully!
Mount Point C:\Windows\SchCache\SchCache removed successfully!
Mount Point C:\Windows\security\logs\logs removed successfully!
Mount Point C:\Windows\security\templates\templates removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Documents\Documents removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Links\Links removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Music\Music removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Videos\Videos removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Documents\Documents removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Links\Links removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Music\Music removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Videos\Videos removed successfully!
Mount Point C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16752_none_f06dce5c6e7a7dc0\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16752_none_f06dce5c6e7a7dc0 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20919_none_f129aec387715c4e\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20919_none_f129aec387715c4e removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18143_none_f25fdd386b980c17\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18143_none_f25fdd386b980c17 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22267_none_f2d7db5384c2491f\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22267_none_f2d7db5384c2491f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16738_none_d7f8bf26f95e2296\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16738_none_d7f8bf26f95e2296 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20904_none_d89ecc7412670658\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20904_none_d89ecc7412670658 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18130_none_d9d6fb7cf68be8cf\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18130_none_d9d6fb7cf68be8cf removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22252_none_da4cf9040fb7f329\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22252_none_da4cf9040fb7f329 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.22181_none_d867f28696ca3d06\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.22181_none_d867f28696ca3d06 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16757_none_a9b61b23f5cc373c\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16757_none_a9b61b23f5cc373c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20927_none_aa6029990ed1805a\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20927_none_aa6029990ed1805a removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16757_none_29e0813e6824c817\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16757_none_29e0813e6824c817 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20927_none_2a8a8fb3812a1135\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20927_none_2a8a8fb3812a1135 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16757_none_628d2249b11ab295\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16757_none_628d2249b11ab295 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20927_none_633730beca1ffbb3\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20927_none_633730beca1ffbb3 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22278_none_64e85e2cc76e3489\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22278_none_64e85e2cc76e3489 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16757_none_46139f1146606e40\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16757_none_46139f1146606e40 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20927_none_46bdad865f65b75e\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20927_none_46bdad865f65b75e removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16757_none_588635106739b071\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16757_none_588635106739b071 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20927_none_59304385803ef98f\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20927_none_59304385803ef98f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16757_none_e6868ec8949e06cd\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16757_none_e6868ec8949e06cd removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20927_none_e7309d3dada34feb\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20927_none_e7309d3dada34feb removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16757_none_0b2ec3e4d718c67f\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16757_none_0b2ec3e4d718c67f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20927_none_0bd8d259f01e0f9d\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20927_none_0bd8d259f01e0f9d removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb removed successfully!
Mount Point C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache removed successfully!
Mount Point C:\Windows\System32\0409\0409 removed successfully!
Mount Point C:\Windows\System32\Branding\en-US\en-US removed successfully!
Mount Point C:\Windows\System32\catroot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} removed successfully!
Mount Point C:\Windows\System32\com\dmp\dmp removed successfully!
Mount Point C:\Windows\System32\config\Journal\Journal removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Silverlight\Silverlight removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\0 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\1 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\10 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\12 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\13 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\14 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\16 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\17 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\18 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\19 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\20 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\21 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\22 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\23 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\27 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\28 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\29 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\30 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\31 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\33 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\34 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\35 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\36 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\37 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\38 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\39 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\40 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\41 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\42 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\43 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\46 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\49 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\50 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\51 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\53 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\54 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\55 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\56 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\58 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\60 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\61 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\63 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\8 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\9 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host\host removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin\muffin removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs removed successfully!
Unable to remove Mount Point C:\Windows\System32\DriverStore\FileRepository\hpc3500e.inf_06974e49\I386\I386
Unable to remove Mount Point C:\Windows\System32\DriverStore\FileRepository\hpopia.inf_39eab573\I386\I386
Mount Point C:\Windows\System32\ENU\ENU removed successfully!
Mount Point C:\Windows\System32\GroupPolicy\GroupPolicy removed successfully!
Mount Point C:\Windows\System32\GroupPolicyUsers\GroupPolicyUsers removed successfully!
Mount Point C:\Windows\System32\inetsrv\inetsrv removed successfully!
Mount Point C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys removed successfully!
Mount Point C:\Windows\System32\MUI\dispspec\dispspec removed successfully!
Mount Point C:\Windows\System32\setup\en-US\en-US removed successfully!
Mount Point C:\Windows\System32\SMI\Manifests\Manifests removed successfully!
Mount Point C:\Windows\System32\spool\drivers\IA64\IA64 removed successfully!
Mount Point C:\Windows\System32\spool\drivers\x64\x64 removed successfully!
Mount Point C:\Windows\System32\spool\SERVERS\SERVERS removed successfully!
Mount Point C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\System removed successfully!
Mount Point C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter\SyncCenter removed successfully!
Mount Point C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar\WindowsCalendar removed successfully!
Mount Point C:\Windows\System32\wbem\MOF\bad\bad removed successfully!
Mount Point C:\Windows\System32\wbem\MOF\good\good removed successfully!
Mount Point C:\Windows\System32\winevt\TraceFormat\TraceFormat removed successfully!
Mount Point C:\Windows\tracing\tracing removed successfully!
Mount Point C:\Windows\winsxs\InstallTemp\InstallTemp removed successfully!
Unable to remove Mount Point C:\Windows\winsxs\Temp\PendingRenames\PendingRenames
========== FILES ==========
c:\users\Lohse\AppData\Local\temp\WPDNSE folder moved successfully.
c:\users\Lohse\AppData\Local\temp\Log folder moved successfully.
c:\users\Lohse\AppData\Local\temp\hsperfdata_Lohse folder moved successfully.
c:\users\Lohse\AppData\Local\temp folder moved successfully.
c:\users\Public\AppData\Local\temp folder moved successfully.
c:\users\Default\AppData\Local\temp folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Lohse
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 38158426 bytes
->FireFox cache emptied: 41249083 bytes
->Google Chrome cache emptied: 6118085 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 44693 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.00 mb


OTL by OldTimer - Version 3.1.19.0 log created on 12222009_180004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...







Volume in drive C is OS
Volume Serial Number is A8C7-1264

Directory of C:\WINDOWS\ERDNT\cache

01/19/2008 01:36 AM 177,152 scecli.dll

Directory of C:\WINDOWS\ERDNT\cache

01/19/2008 01:35 AM 592,384 netlogon.dll

Directory of C:\WINDOWS\ERDNT\cache

11/02/2006 03:46 AM 11,776 cngaudit.dll
3 File(s) 781,312 bytes

Directory of C:\WINDOWS\System32

01/19/2008 01:36 AM 177,152 scecli.dll

Directory of C:\WINDOWS\System32

01/19/2008 01:35 AM 592,384 netlogon.dll

Directory of C:\WINDOWS\System32

11/02/2006 03:46 AM 11,776 cngaudit.dll
3 File(s) 781,312 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6

11/02/2006 03:46 AM 11,776 cngaudit.dll
1 File(s) 11,776 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e

11/02/2006 03:46 AM 176,640 scecli.dll
1 File(s) 176,640 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

01/19/2008 01:36 AM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e

04/11/2009 12:28 AM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783

11/02/2006 03:46 AM 559,616 netlogon.dll
1 File(s) 559,616 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

01/19/2008 01:35 AM 592,384 netlogon.dll
1 File(s) 592,384 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

04/11/2009 12:28 AM 592,896 netlogon.dll
1 File(s) 592,896 bytes

Total Files Listed:
13 File(s) 3,850,240 bytes
0 Dir(s) 25,422,327,808 bytes free






Running from: C:\Users\Lohse\desktop\win32kdiag.exe

Log file at : C:\Users\Lohse\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdcfa6fa29e6c3\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdcfa6fa29e6c3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdcfa6fa29e6c3\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdcfa6fa29e6c3

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_8143436c134b5473\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_8143436c134b5473

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_8143436c134b5473\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_8143436c134b5473

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50e96f74f910b\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50e96f74f910b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50e96f74f910b\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50e96f74f910b

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414c42105faa15\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414c42105faa15

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414c42105faa15\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414c42105faa15

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a021f2f466921d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a021f2f466921d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a021f2f466921d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a021f2f466921d

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852abf080d834b3e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852abf080d834b3e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852abf080d834b3e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852abf080d834b3e

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16757_none_ebb124d316651d3b\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16757_none_ebb124d316651d3b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16757_none_ebb124d316651d3b\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16757_none_ebb124d316651d3b

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20927_none_ec5b33482f6a6659\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20927_none_ec5b33482f6a6659

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20927_none_ec5b33482f6a6659\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20927_none_ec5b33482f6a6659

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16757_none_deb05c4e7f6e540e\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16757_none_deb05c4e7f6e540e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16757_none_deb05c4e7f6e540e\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16757_none_deb05c4e7f6e540e

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20927_none_df5a6ac398739d2c\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20927_none_df5a6ac398739d2c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20927_none_df5a6ac398739d2c\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20927_none_df5a6ac398739d2c

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18148_none_e0a26b2a7c8be265\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18148_none_e0a26b2a7c8be265

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18148_none_e0a26b2a7c8be265\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18148_none_e0a26b2a7c8be265

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22278_none_e10b983195c1d602\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22278_none_e10b983195c1d602

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22278_none_e10b983195c1d602\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22278_none_e10b983195c1d602

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16757_none_8d245bba54d439c3\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16757_none_8d245bba54d439c3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16757_none_8d245bba54d439c3\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16757_none_8d245bba54d439c3

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20927_none_8dce6a2f6dd982e1\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20927_none_8dce6a2f6dd982e1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20927_none_8dce6a2f6dd982e1\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20927_none_8dce6a2f6dd982e1

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9

Found mount point : C:\Windows\System32\DriverStore\FileRepository\hpc3500e.inf_06974e49\I386\I386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\DriverStore\FileRepository\hpc3500e.inf_06974e49\I386\I386

Found mount point : C:\Windows\System32\DriverStore\FileRepository\hpopia.inf_39eab573\I386\I386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\DriverStore\FileRepository\hpopia.inf_39eab573\I386\I386

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-12-22 18:01:46 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

[1] 2009-12-22 18:01:46 64 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTDiagLog.etl ()




Stealth MBR rootkit/Mebroot/Sinowal

Here are all the results

Filename: logevent.dll
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 23 Dec 2009 00:53:52 (CET) Permalink
File size: 11776 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: 7f15b4953378c8b5161d65c26d5fed4d
SHA1: 50b57fedd78bee8a329d03b03f482bcc424a7820


Filename: logevent.dll
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Wed 23 Dec 2009 00:57:12 (CET) Permalink

File size: 11776 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: 7f15b4953378c8b5161d65c26d5fed4d
SHA1: 50b57fedd78bee8a329d03b03f482bcc424a7820


All processes killed
========== OTL ==========
C:\Users\Lohse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Windows\DUMP9185.tmp deleted successfully.
Mount Point C:\Windows\AppPatch\Custom\Custom removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C04.tmp\ZAP5C04.tmp removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP671B.tmp\ZAP671B.tmp removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp removed successfully!
Mount Point C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp removed successfully!
Mount Point C:\Windows\assembly\temp\temp removed successfully!
Mount Point C:\Windows\assembly\tmp\tmp removed successfully!
Mount Point C:\Windows\Downloaded Installations\Downloaded Installations removed successfully!
Mount Point C:\Windows\ehome\CreateDisc\style\style removed successfully!
Mount Point C:\Windows\Globalization\Globalization removed successfully!
Mount Point C:\Windows\Help\Corporate\Corporate removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\8.0.0 removed successfully!
Mount Point C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0 removed successfully!
Mount Point C:\Windows\java\classes\classes removed successfully!
Mount Point C:\Windows\LiveKernelReports\LiveKernelReports removed successfully!
Mount Point C:\Windows\Microsoft.NET\authman\authman removed successfully!
Mount Point C:\Windows\ModemLogs\ModemLogs removed successfully!
Mount Point C:\Windows\nap\configuration\configuration removed successfully!
Mount Point C:\Windows\Panther\setup.exe\setup.exe removed successfully!
Mount Point C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES removed successfully!
Mount Point C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF removed successfully!
Mount Point C:\Windows\PLA\Templates\Templates removed successfully!
Mount Point C:\Windows\registration\CRMLog\CRMLog removed successfully!
Mount Point C:\Windows\SchCache\SchCache removed successfully!
Mount Point C:\Windows\security\logs\logs removed successfully!
Mount Point C:\Windows\security\templates\templates removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Documents\Documents removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Links\Links removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Music\Music removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games removed successfully!
Mount Point C:\Windows\ServiceProfiles\LocalService\Videos\Videos removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Documents\Documents removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Links\Links removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Music\Music removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games removed successfully!
Mount Point C:\Windows\ServiceProfiles\NetworkService\Videos\Videos removed successfully!
Mount Point C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16752_none_f06dce5c6e7a7dc0\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16752_none_f06dce5c6e7a7dc0 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20919_none_f129aec387715c4e\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20919_none_f129aec387715c4e removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18143_none_f25fdd386b980c17\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18143_none_f25fdd386b980c17 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\2f81c0f453fbbd140d2f48e6a84246f2\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22267_none_f2d7db5384c2491f\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22267_none_f2d7db5384c2491f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16738_none_d7f8bf26f95e2296\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16738_none_d7f8bf26f95e2296 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20904_none_d89ecc7412670658\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20904_none_d89ecc7412670658 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18130_none_d9d6fb7cf68be8cf\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18130_none_d9d6fb7cf68be8cf removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\66c6580b24adf7b2b5ae6bef5c24dfd5\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22252_none_da4cf9040fb7f329\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22252_none_da4cf9040fb7f329 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\95a8f2a6d97e686f815a117fa99fc1b4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.16891_none_d406d35b8367d5f1 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6000.21090_none_d48f47fe9c868fa6 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.18295_none_d5f11329808acc3e removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6001.22476_none_d69151fc99974aa4 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.18072_none_d7ea25f17da39aa2 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\a3727e909e12c210a7a4be6cf1bce78a\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.22181_none_d867f28696ca3d06\x86_microsoft-windows-ehome-ehkeyctl_31bf3856ad364e35_6.0.6002.22181_none_d867f28696ca3d06 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b44e3cac58583f1b243789477cb83db6\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16757_none_a9b61b23f5cc373c\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16757_none_a9b61b23f5cc373c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20927_none_aa6029990ed1805a\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20927_none_aa6029990ed1805a removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16757_none_29e0813e6824c817\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16757_none_29e0813e6824c817 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20927_none_2a8a8fb3812a1135\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20927_none_2a8a8fb3812a1135 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16757_none_628d2249b11ab295\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16757_none_628d2249b11ab295 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20927_none_633730beca1ffbb3\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20927_none_633730beca1ffbb3 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22278_none_64e85e2cc76e3489\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22278_none_64e85e2cc76e3489 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16757_none_46139f1146606e40\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16757_none_46139f1146606e40 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20927_none_46bdad865f65b75e\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20927_none_46bdad865f65b75e removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16757_none_588635106739b071\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16757_none_588635106739b071 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20927_none_59304385803ef98f\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20927_none_59304385803ef98f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16757_none_e6868ec8949e06cd\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16757_none_e6868ec8949e06cd removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20927_none_e7309d3dada34feb\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20927_none_e7309d3dada34feb removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16757_none_c3bb6ace6174f2ba removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20927_none_c46579437a7a3bd8 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16757_none_0b2ec3e4d718c67f\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16757_none_0b2ec3e4d718c67f removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20927_none_0bd8d259f01e0f9d\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20927_none_0bd8d259f01e0f9d removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492 removed successfully!
Mount Point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb removed successfully!
Mount Point C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache removed successfully!
Mount Point C:\Windows\System32\0409\0409 removed successfully!
Mount Point C:\Windows\System32\Branding\en-US\en-US removed successfully!
Mount Point C:\Windows\System32\catroot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} removed successfully!
Mount Point C:\Windows\System32\com\dmp\dmp removed successfully!
Mount Point C:\Windows\System32\config\Journal\Journal removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Silverlight\Silverlight removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\0 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\1 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\10 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\12 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\13 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\14 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\16 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\17 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\18 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\19 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\20 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\21 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\22 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\23 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\27 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\28 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\29 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\30 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\31 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\33 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\34 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\35 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\36 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\37 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\38 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\39 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\40 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\41 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\42 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\43 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\46 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\49 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\50 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\51 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\53 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\54 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\55 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\56 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\58 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\60 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\61 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\63 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\8 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\9 removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host\host removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin\muffin removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs removed successfully!
Mount Point C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs removed successfully!
Unable to remove Mount Point C:\Windows\System32\DriverStore\FileRepository\hpc3500e.inf_06974e49\I386\I386
Unable to remove Mount Point C:\Windows\System32\DriverStore\FileRepository\hpopia.inf_39eab573\I386\I386
Mount Point C:\Windows\System32\ENU\ENU removed successfully!
Mount Point C:\Windows\System32\GroupPolicy\GroupPolicy removed successfully!
Mount Point C:\Windows\System32\GroupPolicyUsers\GroupPolicyUsers removed successfully!
Mount Point C:\Windows\System32\inetsrv\inetsrv removed successfully!
Mount Point C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys removed successfully!
Mount Point C:\Windows\System32\MUI\dispspec\dispspec removed successfully!
Mount Point C:\Windows\System32\setup\en-US\en-US removed successfully!
Mount Point C:\Windows\System32\SMI\Manifests\Manifests removed successfully!
Mount Point C:\Windows\System32\spool\drivers\IA64\IA64 removed successfully!
Mount Point C:\Windows\System32\spool\drivers\x64\x64 removed successfully!
Mount Point C:\Windows\System32\spool\SERVERS\SERVERS removed successfully!
Mount Point C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\System removed successfully!
Mount Point C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter\SyncCenter removed successfully!
Mount Point C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar\WindowsCalendar removed successfully!
Mount Point C:\Windows\System32\wbem\MOF\bad\bad removed successfully!
Mount Point C:\Windows\System32\wbem\MOF\good\good removed successfully!
Mount Point C:\Windows\System32\winevt\TraceFormat\TraceFormat removed successfully!
Mount Point C:\Windows\tracing\tracing removed successfully!
Mount Point C:\Windows\winsxs\InstallTemp\InstallTemp removed successfully!
Unable to remove Mount Point C:\Windows\winsxs\Temp\PendingRenames\PendingRenames
========== FILES ==========
c:\users\Lohse\AppData\Local\temp\WPDNSE folder moved successfully.
c:\users\Lohse\AppData\Local\temp\Log folder moved successfully.
c:\users\Lohse\AppData\Local\temp\hsperfdata_Lohse folder moved successfully.
c:\users\Lohse\AppData\Local\temp folder moved successfully.
c:\users\Public\AppData\Local\temp folder moved successfully.
c:\users\Default\AppData\Local\temp folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Lohse
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 38158426 bytes
->FireFox cache emptied: 41249083 bytes
->Google Chrome cache emptied: 6118085 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 44693 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.00 mb


OTL by OldTimer - Version 3.1.19.0 log created on 12222009_180004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...







Volume in drive C is OS
Volume Serial Number is A8C7-1264

Directory of C:\WINDOWS\ERDNT\cache

01/19/2008 01:36 AM 177,152 scecli.dll

Directory of C:\WINDOWS\ERDNT\cache

01/19/2008 01:35 AM 592,384 netlogon.dll

Directory of C:\WINDOWS\ERDNT\cache

11/02/2006 03:46 AM 11,776 cngaudit.dll
3 File(s) 781,312 bytes

Directory of C:\WINDOWS\System32

01/19/2008 01:36 AM 177,152 scecli.dll

Directory of C:\WINDOWS\System32

01/19/2008 01:35 AM 592,384 netlogon.dll

Directory of C:\WINDOWS\System32

11/02/2006 03:46 AM 11,776 cngaudit.dll
3 File(s) 781,312 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6

11/02/2006 03:46 AM 11,776 cngaudit.dll
1 File(s) 11,776 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e

11/02/2006 03:46 AM 176,640 scecli.dll
1 File(s) 176,640 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

01/19/2008 01:36 AM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e

04/11/2009 12:28 AM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783

11/02/2006 03:46 AM 559,616 netlogon.dll
1 File(s) 559,616 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

01/19/2008 01:35 AM 592,384 netlogon.dll
1 File(s) 592,384 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

04/11/2009 12:28 AM 592,896 netlogon.dll
1 File(s) 592,896 bytes

Total Files Listed:
13 File(s) 3,850,240 bytes
0 Dir(s) 25,422,327,808 bytes free






Running from: C:\Users\Lohse\desktop\win32kdiag.exe

Log file at : C:\Users\Lohse\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdcfa6fa29e6c3\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdcfa6fa29e6c3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdcfa6fa29e6c3\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.16865_none_80bdcfa6fa29e6c3

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_8143436c134b5473\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_8143436c134b5473

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_8143436c134b5473\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6000.21061_none_8143436c134b5473

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50e96f74f910b\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50e96f74f910b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50e96f74f910b\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.18266_none_82a50e96f74f910b

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414c42105faa15\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414c42105faa15

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414c42105faa15\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6001.22443_none_83414c42105faa15

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a021f2f466921d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a021f2f466921d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a021f2f466921d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.18045_none_84a021f2f466921d

Found mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852abf080d834b3e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852abf080d834b3e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\baa94b70dade5f2eeda685302cab2d1e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852abf080d834b3e\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_6.0.6002.22146_none_852abf080d834b3e

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16757_none_ebb124d316651d3b\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16757_none_ebb124d316651d3b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16757_none_ebb124d316651d3b\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16757_none_ebb124d316651d3b

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20927_none_ec5b33482f6a6659\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20927_none_ec5b33482f6a6659

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20927_none_ec5b33482f6a6659\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20927_none_ec5b33482f6a6659

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16757_none_deb05c4e7f6e540e\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16757_none_deb05c4e7f6e540e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16757_none_deb05c4e7f6e540e\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16757_none_deb05c4e7f6e540e

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20927_none_df5a6ac398739d2c\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20927_none_df5a6ac398739d2c

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20927_none_df5a6ac398739d2c\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20927_none_df5a6ac398739d2c

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18148_none_e0a26b2a7c8be265\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18148_none_e0a26b2a7c8be265

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18148_none_e0a26b2a7c8be265\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18148_none_e0a26b2a7c8be265

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22278_none_e10b983195c1d602\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22278_none_e10b983195c1d602

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22278_none_e10b983195c1d602\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22278_none_e10b983195c1d602

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16757_none_8d245bba54d439c3\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16757_none_8d245bba54d439c3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16757_none_8d245bba54d439c3\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.16757_none_8d245bba54d439c3

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20927_none_8dce6a2f6dd982e1\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20927_none_8dce6a2f6dd982e1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20927_none_8dce6a2f6dd982e1\x86_microsoft-windows-i..nternetcontrolpanel_31bf3856ad364e35_6.0.6000.20927_none_8dce6a2f6dd982e1

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6

Found mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d291756ffb63508531c78734583f5fd7\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9

Found mount point : C:\Windows\System32\DriverStore\FileRepository\hpc3500e.inf_06974e49\I386\I386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\DriverStore\FileRepository\hpc3500e.inf_06974e49\I386\I386

Found mount point : C:\Windows\System32\DriverStore\FileRepository\hpopia.inf_39eab573\I386\I386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\DriverStore\FileRepository\hpopia.inf_39eab573\I386\I386

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-12-22 18:01:46 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

[1] 2009-12-22 18:01:46 64 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTDiagLog.etl ()




Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK



I couldn't find a report for the TDS killer, but it said it found 0 problems. I attached a screen shot.


I'm also still getting redirects.

Attached Files

  • Attached File  tds.jpg   45.13KB   5 downloads


#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 AM

Posted 22 December 2009 - 09:18 PM

You got a suspicious looking system file. I am surprised it was not picked up by any of the scanners.

Please do this....


Step 1

Run Win32kDiag again
  • Select Posted Image
  • Select All Programs
  • Select Accessories
  • Right click Command Prompt and choose Run as administrator

    Posted Image
    • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
    • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
    Copy-paste the following command (the bolded text) into the "cmd" box, and click enter. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
    "%userprofile%\desktop\win32kdiag.exe" -f -r

    ==========

    Step 2

    Next do this:
    • Select Posted Image
    • Select All Programs
    • Select Accessories
    • Right click Command Prompt and choose Run as administrator
    Posted Image
    • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
    • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).
    copy C:\Windows\System32\logevent.dll C:\ /y
  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
  • Press Enter.When successfully, you should get this message within the Command Prompt: "1 file(s) copied"
    NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful.
  • Exit the Command Prompt window.
==========

Step 3

:( Warning to others reading this thread!: The Avenger is a VERY POWERFUL program, and can easily be misused.
Certain misuses of this program can prevent your system from ever starting again.
For this reason, it is strongly recommended to use The Avenger only as directed and under qualified supervision.
We can accept no responsibility for damage caused by misuse of the program.
:(
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Right click and run as Admin on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to move:C:\logevent.dll | C:\Windows\System32\cngaudit.dll
  • In the avenger window, click the Paste Script from Clipboard, Posted Image button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
==========

With your next post please provide:

* Win32kDiag log
* Avenger log
* Still get redirected?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#13 lohsdog

lohsdog
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 23 December 2009 - 06:17 PM

Here are the two logs.



Running from: C:\Users\Lohse\desktop\win32kdiag.exe

Log file at : C:\Users\Lohse\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-12-23 16:46:11 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

[1] 2009-12-23 16:46:11 64 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-12-23 16:49:08 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()

[1] 2009-12-23 16:49:08 0 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()



Cannot access: C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-12-23 16:46:11 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

[1] 2009-12-23 16:46:11 64 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Attempting to restore permissions of : C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Attempting to restore permissions of : C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-System.etl

Attempting to restore permissions of : C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()

[1] 2009-12-23 16:46:00 64 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

Attempting to restore permissions of : C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-12-23 16:49:08 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()

[1] 2009-12-23 16:49:08 0 C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()



Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames



Finished!



Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\logevent.dll|C:\Windows\System32\cngaudit.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.




Sorry, but still getting redirects.

#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:11 AM

Posted 24 December 2009 - 09:39 AM

My oh my. Stubborn!

Please right click and delete Combofix.

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Posted Image

Posted Image

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.
Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

==========

Re-run Gmer and post a log.

==========

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *eventlog.dl*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

==========

We need to create a batch file.

:( Warning :(
This file was written specifically for this user, for use on this particular machine.
Running this on another machine may cause irreparable damage to your operating system
  • Please copy the contents of the code box below
  • Open notepad and paste the contents of the code box there
  • On the top toolbar in notepad select file
  • Then save as
  • In the box that opens type in eventlog.bat for the file name
  • Right below that click the down arrow in the line for save as type and select all files
  • Save this to your desktop and close notepad
@echo off
sc query eventlog >log.txt
notepad log.txt
del eventlog.bat (deletes the .bat file)
EXIT
  • Locate the eventlog.bat icon on your desktop and double click it. A box will pop up briefly on your screen and disappear, this is normal
A log shall be created. Please copy & post it for my review.

==========

With your next post please provide:

* Combofix.txt
* Gmer log
* SystemLook.txt
* Eventog.txt

Kind regards,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 lohsdog

lohsdog
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 24 December 2009 - 11:49 AM

Here are the 4 logs

ComboFix 09-12-23.06 - Lohse 12/24/2009 9:43.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.1751 [GMT -6:00]
Running from: c:\users\Lohse\Desktop\thcbytes.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Lohse\eula.txt

.
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.

2009-12-24 15:48 . 2009-12-24 15:48 -------- d-----w- c:\users\Lohse\AppData\Local\temp
2009-12-23 22:43 . 2007-01-18 16:24 26496 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2009-12-23 22:43 . 2009-12-23 22:43 -------- d-----w- C:\Research in Motion
2009-12-23 22:43 . 2009-12-23 22:43 -------- d-----w- c:\programdata\Sprint
2009-12-23 22:43 . 2009-12-23 22:43 -------- d-----w- c:\program files\Common Files\Research in Motion
2009-12-23 22:43 . 2009-12-23 22:43 -------- d-----w- c:\program files\Sprint
2009-12-23 00:19 . 2009-12-23 00:19 77312 ----a-w- c:\users\Lohse\mbr.exe
2009-12-23 00:14 . 2009-12-23 00:14 41 ----a-w- C:\fixme.bat
2009-12-23 00:00 . 2009-12-23 00:00 -------- d-----w- C:\_OTL
2009-12-21 23:53 . 2009-09-17 07:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091221.003\NAVENG.SYS
2009-12-21 23:53 . 2009-09-17 07:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091221.003\NAVENG32.DLL
2009-12-21 23:53 . 2009-09-17 07:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091221.003\NAVEX32A.DLL
2009-12-21 23:53 . 2009-09-17 07:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091221.003\NAVEX15.SYS
2009-12-21 23:53 . 2009-12-10 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091221.003\CCERASER.DLL
2009-12-21 23:53 . 2009-11-16 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091221.003\ECMSVR32.DLL
2009-12-21 23:53 . 2009-09-17 07:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091221.003\EECTRL.SYS
2009-12-21 23:53 . 2009-09-17 07:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091221.003\ERASER.SYS
2009-12-20 08:41 . 2009-12-20 08:41 137480 ----a-w- c:\users\Lohse\TDSSKiller.exe
2009-12-16 20:49 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-16 20:49 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-16 20:49 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-16 20:40 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-16 20:40 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-08 15:49 . 2009-12-08 15:50 -------- d-----w- c:\users\Lohse\AppData\Roaming\QuickScan
2009-12-08 15:49 . 2009-11-26 23:39 678912 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-08 15:49 . 2009-11-26 23:37 768512 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-08 15:46 . 2009-12-08 15:46 -------- d-----w- c:\windows\BDOSCAN8
2009-12-08 15:12 . 2009-12-08 15:12 -------- d-----w- C:\VundoFix Backups
2009-12-06 23:06 . 2009-12-06 23:06 -------- d-----w- c:\program files\chartertoolbar
2009-12-06 00:24 . 2009-09-17 07:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-12-06 00:24 . 2009-09-17 07:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-12-06 00:24 . 2009-09-17 07:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-12-06 00:24 . 2009-09-17 07:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2009-12-06 00:24 . 2009-09-17 07:00 2747952 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-12-06 00:24 . 2009-09-17 07:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-12-06 00:24 . 2009-09-17 07:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-12-06 00:23 . 2009-12-06 00:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-06 00:04 . 2009-12-06 00:04 -------- d-----w- C:\Symantec_Endpoint_Protection11.0.5002
2009-12-05 23:57 . 2009-12-05 23:57 -------- d-----w- c:\programdata\Miracle
2009-12-03 00:18 . 2009-12-03 00:18 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-02 17:17 . 2009-12-02 17:17 -------- d-----w- c:\windows\CheckSur
2009-12-02 14:59 . 2009-12-02 14:59 -------- d-----w- c:\windows\system32\EventProviders
2009-12-02 14:56 . 2009-04-11 04:42 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-12-01 21:58 . 2009-12-01 21:58 -------- d-----w- c:\windows\Sun
2009-12-01 21:02 . 2009-12-01 21:02 -------- d-----w- c:\users\Lohse\AppData\Local\Roxio
2009-12-01 16:49 . 2009-11-19 17:48 872960 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-01 16:49 . 2009-11-19 17:48 43008 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-01 16:49 . 2009-11-19 17:48 340480 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-01 16:49 . 2009-11-19 17:48 346624 ----a-w- c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-30 19:13 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-30 19:12 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-30 19:12 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 00:18 . 2008-06-07 05:03 -------- d-----w- c:\program files\LimeWire
2009-12-21 19:09 . 2009-09-09 14:39 -------- d-----w- c:\users\Lohse\AppData\Roaming\Vso
2009-12-16 21:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-06 00:25 . 2009-10-05 22:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-06 00:25 . 2009-10-05 22:33 -------- d-----w- c:\programdata\Symantec
2009-12-06 00:23 . 2009-12-06 00:21 -------- d-----w- c:\program files\Symantec
2009-12-06 00:23 . 2009-12-06 00:23 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-06 00:23 . 2009-12-06 00:23 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-05 20:57 . 2009-10-20 19:14 -------- d-----w- c:\users\Lohse\AppData\Roaming\Uniblue
2009-12-02 19:32 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-02 14:59 . 2008-03-27 00:50 122984 ----a-w- c:\users\Lohse\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-01 21:53 . 2009-09-06 16:16 117760 ----a-w- c:\users\Lohse\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-01 21:52 . 2009-09-06 16:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-01 21:19 . 2008-03-19 09:02 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-12-01 21:06 . 2008-08-14 00:42 -------- d-----w- c:\users\Lohse\AppData\Roaming\Roxio
2009-12-01 20:48 . 2008-03-19 09:02 -------- d-----w- c:\program files\Roxio
2009-12-01 19:58 . 2008-06-07 05:03 -------- d-----w- c:\users\Lohse\AppData\Roaming\LimeWire
2009-11-17 21:43 . 2008-05-21 21:30 -------- d-----w- c:\programdata\Microsoft Help
2009-11-16 14:25 . 2008-05-20 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-16 09:00 . 2009-11-16 09:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
2009-11-03 02:42 . 2009-10-05 19:53 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 15:21 . 2009-10-27 01:07 -------- d-----w- c:\program files\DivX
2009-10-27 15:18 . 2008-03-19 08:57 -------- d-----w- c:\program files\Google
2009-10-27 15:17 . 2008-03-19 08:44 -------- d-----w- c:\program files\Creative
2009-10-27 15:17 . 2008-03-19 08:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 13:20 . 2009-12-16 20:45 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-16 20:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-16 20:45 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 01:13 . 2009-10-27 01:12 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-22 21:46 . 2009-10-22 14:06 36864 ----a-w- c:\programdata\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
2009-10-22 21:01 . 2009-12-06 00:21 89600 -c--a-w- c:\programdata\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\System32\atl71.dll
2009-10-20 20:29 . 2009-06-09 17:38 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
2008-03-19 16:28 . 2008-03-19 16:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-12-16_20.17.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-16 20:49 . 2009-11-09 12:53 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22261_none_dccc93dec1560594\wbhstipm.dll
+ 2009-12-16 20:49 . 2009-11-09 12:53 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22261_none_dccc93dec1560594\wbhst_pm.dll
+ 2009-12-16 20:49 . 2009-11-09 12:53 48128 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22261_none_dccc93dec1560594\w3wphost.dll
+ 2009-12-16 20:49 . 2009-11-09 12:53 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22261_none_dccc93dec1560594\w3tp.dll
+ 2009-12-16 20:49 . 2009-11-09 12:32 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18139_none_dc6b6927a818dcaf\wbhstipm.dll
+ 2009-12-16 20:49 . 2009-11-09 12:32 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18139_none_dc6b6927a818dcaf\wbhst_pm.dll
+ 2009-12-16 20:49 . 2009-11-09 12:32 47616 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18139_none_dc6b6927a818dcaf\w3wphost.dll
+ 2009-12-16 20:49 . 2009-11-09 12:32 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18139_none_dc6b6927a818dcaf\w3tp.dll
+ 2009-12-16 20:49 . 2009-11-09 13:17 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22559_none_daf8f432c4205f37\wbhstipm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:17 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22559_none_daf8f432c4205f37\wbhst_pm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:17 46592 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22559_none_daf8f432c4205f37\w3wphost.dll
+ 2009-12-16 20:49 . 2009-11-09 13:17 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22559_none_daf8f432c4205f37\w3tp.dll
+ 2009-12-16 20:49 . 2009-11-09 13:23 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18359_none_da6f5581ab02c246\wbhstipm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:23 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18359_none_da6f5581ab02c246\wbhst_pm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:23 46592 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18359_none_da6f5581ab02c246\w3wphost.dll
+ 2009-12-16 20:49 . 2009-11-09 13:23 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18359_none_da6f5581ab02c246\w3tp.dll
+ 2009-12-16 20:49 . 2009-11-09 13:11 25088 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21157_none_d9108b34c6fbd1b3\wbhstipm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:11 22016 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21157_none_d9108b34c6fbd1b3\wbhst_pm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:11 39424 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21157_none_d9108b34c6fbd1b3\w3wphost.dll
+ 2009-12-16 20:49 . 2009-11-09 13:11 15360 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21157_none_d9108b34c6fbd1b3\w3tp.dll
+ 2009-12-16 20:49 . 2009-11-09 13:35 25088 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.16954_none_d8841569ade0b2a2\wbhstipm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:35 22016 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.16954_none_d8841569ade0b2a2\wbhst_pm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:35 39424 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.16954_none_d8841569ade0b2a2\w3wphost.dll
+ 2009-12-16 20:49 . 2009-11-09 13:35 15360 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.16954_none_d8841569ade0b2a2\w3tp.dll
+ 2009-12-16 20:49 . 2009-11-09 12:52 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.22261_none_75dd5df18aee1840\nshhttp.dll
+ 2009-12-16 20:41 . 2009-11-03 21:55 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.22258_none_75ef2fe38adfadb0\nshhttp.dll
+ 2009-12-16 20:49 . 2009-11-09 12:31 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.18139_none_757c333a71b0ef5b\nshhttp.dll
+ 2009-12-16 20:41 . 2009-11-03 21:43 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.18136_none_7579325c71b3a356\nshhttp.dll
+ 2009-12-16 20:49 . 2009-11-09 13:16 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.22559_none_7409be458db871e3\nshhttp.dll
+ 2009-12-16 20:41 . 2009-11-03 22:01 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.22556_none_7406bd678dbb25de\nshhttp.dll
+ 2009-12-16 20:49 . 2009-11-09 13:22 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.18359_none_73801f94749ad4f2\nshhttp.dll
+ 2009-12-16 20:41 . 2009-11-03 22:17 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.18356_none_737d1eb6749d88ed\nshhttp.dll
+ 2009-12-16 20:49 . 2009-11-09 13:10 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.21157_none_722155479093e45f\nshhttp.dll
+ 2009-12-16 20:41 . 2009-11-03 12:49 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.21154_none_721e54699096985a\nshhttp.dll
+ 2009-12-16 20:49 . 2009-11-09 13:34 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.16954_none_7194df7c7778c54e\nshhttp.dll
+ 2009-12-16 20:41 . 2009-11-03 13:01 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.16951_none_7191de9e777b7949\nshhttp.dll
+ 2009-12-16 20:49 . 2009-11-09 12:53 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\wamregps.dll
+ 2009-12-16 20:49 . 2009-11-09 12:53 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\rscaext.dll
+ 2009-12-16 20:49 . 2009-11-09 12:53 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\rsca.dll
+ 2009-12-16 20:49 . 2009-11-09 12:50 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iissyspr.dll
+ 2009-12-16 20:49 . 2009-11-09 11:03 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisrstas.exe
+ 2009-12-16 20:49 . 2009-11-09 11:03 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisreset.exe
+ 2009-12-16 20:49 . 2009-11-09 12:50 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisreg.dll
+ 2009-12-16 20:49 . 2009-11-09 12:48 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\ahadmin.dll
+ 2009-12-16 20:49 . 2009-11-09 12:48 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\admwprox.dll
+ 2009-12-16 20:49 . 2009-11-09 12:32 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\wamregps.dll
+ 2009-12-16 20:49 . 2009-11-09 12:32 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\rscaext.dll
+ 2009-12-16 20:49 . 2009-11-09 12:32 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\rsca.dll
+ 2009-12-16 20:49 . 2009-11-09 12:30 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iissyspr.dll
+ 2009-12-16 20:49 . 2009-11-09 10:48 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iisrstas.exe
+ 2009-12-16 20:49 . 2009-11-09 10:48 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iisreset.exe
+ 2009-12-16 20:49 . 2009-11-09 12:30 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iisreg.dll
+ 2009-12-16 20:49 . 2009-11-09 12:28 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\ahadmin.dll
+ 2009-12-16 20:49 . 2009-11-09 12:28 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\admwprox.dll
+ 2009-12-16 20:49 . 2009-11-09 13:17 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\wamregps.dll
+ 2009-12-16 20:49 . 2009-11-09 13:17 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\rscaext.dll
+ 2009-12-16 20:49 . 2009-11-09 13:17 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\rsca.dll
+ 2009-12-16 20:49 . 2009-11-09 13:14 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iissyspr.dll
+ 2009-12-16 20:49 . 2009-11-09 11:24 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iisrstas.exe
+ 2009-12-16 20:49 . 2009-11-09 11:24 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iisreset.exe
+ 2009-12-16 20:49 . 2009-11-09 13:14 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iisreg.dll
+ 2009-12-16 20:49 . 2009-11-09 13:12 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\ahadmin.dll
+ 2009-12-16 20:49 . 2009-11-09 13:12 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\admwprox.dll
+ 2009-12-16 20:49 . 2009-11-09 13:23 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\wamregps.dll
+ 2009-12-16 20:49 . 2009-11-09 13:23 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\rscaext.dll
+ 2009-12-16 20:49 . 2009-11-09 13:23 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\rsca.dll
+ 2009-12-16 20:49 . 2009-11-09 13:20 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iissyspr.dll
+ 2009-12-16 20:49 . 2009-11-09 11:21 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iisrstas.exe
+ 2009-12-16 20:49 . 2009-11-09 11:21 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iisreset.exe
+ 2009-12-16 20:49 . 2009-11-09 13:20 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iisreg.dll
+ 2009-12-16 20:49 . 2009-11-09 13:18 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\ahadmin.dll
+ 2009-12-16 20:49 . 2009-11-09 13:18 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\admwprox.dll
+ 2009-12-16 20:49 . 2009-11-09 13:11 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\wamregps.dll
+ 2009-12-16 20:49 . 2009-11-09 13:10 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\rsca.dll
+ 2009-12-16 20:49 . 2009-11-09 13:07 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iissyspr.dll
+ 2009-12-16 20:49 . 2009-11-09 11:15 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iisrstas.exe
+ 2009-12-16 20:49 . 2009-11-09 11:15 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iisreset.exe
+ 2009-12-16 20:49 . 2009-11-09 13:07 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iisreg.dll
+ 2009-12-16 20:49 . 2009-11-09 13:05 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\admwprox.dll
+ 2009-12-16 20:49 . 2009-11-09 13:35 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\wamregps.dll
+ 2009-12-16 20:49 . 2009-11-09 13:35 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\rsca.dll
+ 2009-12-16 20:49 . 2009-11-09 13:30 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iissyspr.dll
+ 2009-12-16 20:49 . 2009-11-09 11:33 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iisrstas.exe
+ 2009-12-16 20:49 . 2009-11-09 11:33 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iisreset.exe
+ 2009-12-16 20:49 . 2009-11-09 13:30 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iisreg.dll
+ 2009-12-16 20:49 . 2009-11-09 13:28 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\admwprox.dll
+ 2009-12-16 20:49 . 2009-11-09 12:53 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22261_none_d1da3f343fb867a4\w3dt.dll
+ 2009-12-16 20:49 . 2009-11-09 12:50 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22261_none_d1da3f343fb867a4\hwebcore.dll
+ 2009-12-16 20:49 . 2009-11-09 12:32 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18139_none_d179147d267b3ebf\w3dt.dll
+ 2009-12-16 20:49 . 2009-11-09 12:30 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18139_none_d179147d267b3ebf\hwebcore.dll
+ 2009-12-16 20:49 . 2009-11-09 13:17 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22559_none_d0069f884282c147\w3dt.dll
+ 2009-12-16 20:49 . 2009-11-09 13:14 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22559_none_d0069f884282c147\hwebcore.dll
+ 2009-12-16 20:49 . 2009-11-09 13:23 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18359_none_cf7d00d729652456\w3dt.dll
+ 2009-12-16 20:49 . 2009-11-09 13:20 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18359_none_cf7d00d729652456\hwebcore.dll
+ 2009-12-16 20:49 . 2009-11-09 13:11 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21157_none_ce1e368a455e33c3\w3dt.dll
+ 2009-12-16 20:49 . 2009-11-09 13:07 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21157_none_ce1e368a455e33c3\hwebcore.dll
+ 2009-12-16 20:49 . 2009-11-09 13:35 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.16954_none_cd91c0bf2c4314b2\w3dt.dll
+ 2009-12-16 20:49 . 2009-11-09 13:30 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.16954_none_cd91c0bf2c4314b2\hwebcore.dll
+ 2009-12-16 20:45 . 2009-10-27 13:14 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21148_none_2a75ca2d813992d7\iebrshim.dll
+ 2009-12-16 20:45 . 2009-10-27 15:01 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16945_none_29e95462681e73c6\iebrshim.dll
+ 2009-12-16 20:45 . 2009-10-27 13:14 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21148_none_c450b3bd7a89bd7a\iesetup.dll
+ 2009-12-16 20:45 . 2009-10-27 13:14 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21148_none_c450b3bd7a89bd7a\iernonce.dll
+ 2009-12-16 20:45 . 2009-10-27 10:48 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21148_none_c450b3bd7a89bd7a\ie4uinit.exe
+ 2009-12-16 20:45 . 2009-10-27 15:01 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16945_none_c3c43df2616e9e69\iesetup.dll
+ 2009-12-16 20:45 . 2009-10-27 15:01 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16945_none_c3c43df2616e9e69\iernonce.dll
+ 2009-12-16 20:45 . 2009-10-27 12:27 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16945_none_c3c43df2616e9e69\ie4uinit.exe
+ 2009-12-16 20:45 . 2009-10-27 10:56 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22550_none_2fb594d03344a0e4\ieUnatt.exe
+ 2009-12-16 20:45 . 2009-10-27 10:55 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18349_none_2f3fc8a51a16cc11\ieUnatt.exe
+ 2009-12-16 20:45 . 2009-10-27 10:48 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21148_none_2de1fea2360ef4d5\ieUnatt.exe
+ 2009-12-16 20:45 . 2009-10-27 12:27 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\ieUnatt.exe
+ 2009-12-16 20:45 . 2009-10-27 13:14 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21148_none_591b7dff804e7b31\icardie.dll
+ 2009-12-16 20:45 . 2009-10-27 15:01 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16945_none_588f083467335c20\icardie.dll
+ 2009-12-16 20:45 . 2009-10-27 10:56 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22550_none_f3c11b47d36cbc5c\mshtmler.dll
+ 2009-12-16 20:45 . 2009-10-27 13:05 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22550_none_f3c11b47d36cbc5c\ieencode.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18349_none_f34b4f1cba3ee789\mshtmler.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18349_none_f34b4f1cba3ee789\ieencode.dll
+ 2009-12-16 20:45 . 2009-10-27 09:23 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21148_none_f1ed8519d637104d\mshtmler.dll
+ 2009-12-16 20:45 . 2009-10-27 13:14 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21148_none_f1ed8519d637104d\ieencode.dll
+ 2009-12-16 20:45 . 2009-10-27 10:56 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16945_none_f1610f4ebd1bf13c\mshtmler.dll
+ 2009-12-16 20:45 . 2009-10-27 15:01 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16945_none_f1610f4ebd1bf13c\ieencode.dll
+ 2009-12-16 20:45 . 2009-10-27 13:03 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22550_none_ae85b694200c09a7\admparse.dll
+ 2008-06-17 18:23 . 2008-01-19 07:33 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18349_none_ae0fea6906de34d4\admparse.dll
+ 2009-12-16 20:45 . 2009-10-27 13:12 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21148_none_acb2206622d65d98\admparse.dll
+ 2009-12-16 20:45 . 2009-10-27 14:59 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16945_none_ac25aa9b09bb3e87\admparse.dll
+ 2009-12-16 20:45 . 2009-10-27 12:53 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22252_none_0424fac0b83db9d3\WininetPlugin.dll
+ 2009-12-16 20:45 . 2009-10-27 12:50 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22252_none_0424fac0b83db9d3\jsproxy.dll
+ 2009-06-10 20:55 . 2009-04-11 06:28 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18130_none_03aefd399f11af79\WininetPlugin.dll
+ 2009-06-10 20:55 . 2009-04-11 06:28 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18130_none_03aefd399f11af79\jsproxy.dll
+ 2009-12-16 20:45 . 2009-10-27 13:07 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22550_none_023c8844bb193201\WininetPlugin.dll
+ 2009-12-16 20:45 . 2009-10-27 13:05 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22550_none_023c8844bb193201\jsproxy.dll
+ 2008-04-16 02:59 . 2008-02-22 05:01 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18349_none_01c6bc19a1eb5d2e\WininetPlugin.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18349_none_01c6bc19a1eb5d2e\jsproxy.dll
+ 2009-12-16 20:45 . 2009-10-27 13:18 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21148_none_0068f216bde385f2\WininetPlugin.dll
+ 2009-12-16 20:45 . 2009-10-27 13:15 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21148_none_0068f216bde385f2\jsproxy.dll
+ 2009-12-16 20:45 . 2009-10-27 15:05 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16945_none_ffdc7c4ba4c866e1\WininetPlugin.dll
+ 2009-12-16 20:45 . 2009-10-27 15:02 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16945_none_ffdc7c4ba4c866e1\jsproxy.dll
+ 2009-12-16 20:49 . 2009-11-09 12:48 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22261_none_22cda0eb126ecb4f\authsspi.dll
+ 2009-12-16 20:49 . 2009-11-09 12:29 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.18139_none_226c7633f931a26a\authsspi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:12 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.22559_none_20fa013f153924f2\authsspi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:18 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.18359_none_2070628dfc1b8801\authsspi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:06 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.21157_none_1f1198411814976e\authsspi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:29 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.16954_none_1e852275fef9785d\authsspi.dll
+ 2009-12-16 20:45 . 2009-10-27 13:17 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.21148_none_ec466dc22f79e7fb\pngfilt.dll
+ 2009-12-16 20:45 . 2009-10-27 15:04 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16945_none_ebb9f7f7165ec8ea\pngfilt.dll
+ 2009-12-16 20:49 . 2009-11-09 12:50 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.22261_none_f7dc740cb3bf845a\httpapi.dll
+ 2009-12-16 20:41 . 2009-11-03 21:53 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.22258_none_f7ee45feb3b119ca\httpapi.dll
+ 2009-12-16 20:49 . 2009-11-09 12:30 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.18139_none_f77b49559a825b75\httpapi.dll
+ 2009-12-16 20:41 . 2009-11-03 21:42 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.18136_none_f77848779a850f70\httpapi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:14 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.22559_none_f608d460b689ddfd\httpapi.dll
+ 2009-12-16 20:41 . 2009-11-03 22:00 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.22556_none_f605d382b68c91f8\httpapi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:20 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18359_none_f57f35af9d6c410c\httpapi.dll
+ 2009-12-16 20:41 . 2009-11-03 22:15 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18356_none_f57c34d19d6ef507\httpapi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:07 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.21157_none_f4206b62b9655079\httpapi.dll
+ 2009-12-16 20:41 . 2009-11-03 12:46 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.21154_none_f41d6a84b9680474\httpapi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:30 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.16954_none_f393f597a04a3168\httpapi.dll
+ 2009-12-16 20:41 . 2009-11-03 12:57 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.16951_none_f390f4b9a04ce563\httpapi.dll
+ 2008-03-19 09:09 . 2009-12-24 14:26 56994 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-12-24 14:26 85302 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-27 00:51 . 2009-12-24 14:26 12560 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2052372012-1584203617-4053739633-1000_UserData.bin
- 2009-07-29 15:18 . 2009-07-18 16:02 28160 c:\windows\System32\jsproxy.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 28160 c:\windows\System32\jsproxy.dll
+ 2006-11-08 00:02 . 2006-11-08 00:02 22272 c:\windows\System32\DriverStore\FileRepository\rimusbnt.inf_3b5fa173\RimUsb.sys
+ 2009-12-23 22:43 . 2007-01-18 16:24 26496 c:\windows\System32\DriverStore\FileRepository\rimserial.inf_844a5f2c\RimSerial.sys
+ 2006-11-08 00:02 . 2006-11-08 00:02 22272 c:\windows\System32\drivers\RimUsb.sys
+ 2008-03-27 00:47 . 2009-12-23 22:50 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-27 00:47 . 2009-12-15 21:25 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-27 00:47 . 2009-12-15 21:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-27 00:47 . 2009-12-23 22:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-27 00:47 . 2009-12-23 22:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-27 00:47 . 2009-12-15 21:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2005-03-29 16:57 . 2005-03-29 16:57 64640 c:\windows\System32\catroot\qcusbser.sys
+ 2005-03-29 16:57 . 2005-03-29 16:57 64640 c:\windows\System32\catroot\qcusbmdm.sys
- 2009-12-01 21:07 . 2009-12-15 17:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 21:07 . 2009-12-24 14:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 21:07 . 2009-12-15 17:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-01 21:07 . 2009-12-24 14:23 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-01 21:07 . 2009-12-24 14:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-01 21:07 . 2009-12-15 17:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-23 22:43 . 2009-12-23 22:43 65536 c:\windows\Installer\{93356AC9-C222-4547-B743-FF1903ACCE04}\CMSPCS.exe1_93356AC9C2224547B743FF1903ACCE04.exe
+ 2009-12-23 22:43 . 2009-12-23 22:43 65536 c:\windows\Installer\{93356AC9-C222-4547-B743-FF1903ACCE04}\CMSPCS.exe_93356AC9C2224547B743FF1903ACCE04.exe
+ 2009-12-23 22:43 . 2009-12-23 22:43 65536 c:\windows\Installer\{93356AC9-C222-4547-B743-FF1903ACCE04}\ARPPRODUCTICON.exe
- 2006-11-02 10:25 . 2009-12-02 19:40 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-12-23 22:44 51200 c:\windows\inf\infpub.dat
+ 2009-12-16 20:49 . 2009-11-09 12:53 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\w3ctrlps.dll
+ 2009-12-16 20:49 . 2009-11-09 12:50 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisrstap.dll
+ 2009-12-16 20:49 . 2009-11-09 12:32 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\w3ctrlps.dll
+ 2009-12-16 20:49 . 2009-11-09 12:30 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iisrstap.dll
+ 2009-12-16 20:49 . 2009-11-09 13:17 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\w3ctrlps.dll
+ 2009-12-16 20:49 . 2009-11-09 13:14 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iisrstap.dll
+ 2009-12-16 20:49 . 2009-11-09 13:23 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\w3ctrlps.dll
+ 2009-12-16 20:49 . 2009-11-09 13:20 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iisrstap.dll
+ 2009-12-16 20:49 . 2009-11-09 13:11 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\w3ctrlps.dll
+ 2009-12-16 20:49 . 2009-11-09 13:07 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iisrstap.dll
+ 2009-12-16 20:49 . 2009-11-09 13:35 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\w3ctrlps.dll
+ 2009-12-16 20:49 . 2009-11-09 13:30 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iisrstap.dll
+ 2003-04-16 22:58 . 2003-04-16 22:58 8464 c:\windows\System32\sporder.dll
+ 2009-12-22 23:58 . 2009-12-22 23:58 9560 c:\windows\System32\networklist\icons\{89A8B464-C14C-4CEF-9682-AC6418516D86}_48.bin
+ 2009-12-22 23:58 . 2009-12-22 23:58 4280 c:\windows\System32\networklist\icons\{89A8B464-C14C-4CEF-9682-AC6418516D86}_32.bin
+ 2009-12-22 23:58 . 2009-12-22 23:58 2456 c:\windows\System32\networklist\icons\{89A8B464-C14C-4CEF-9682-AC6418516D86}_24.bin
+ 2009-12-23 22:49 . 2009-12-23 22:49 9560 c:\windows\System32\networklist\icons\{2F4F5F62-4635-4496-9BBB-B8B564139E9F}_48.bin
+ 2009-12-23 22:49 . 2009-12-23 22:49 4280 c:\windows\System32\networklist\icons\{2F4F5F62-4635-4496-9BBB-B8B564139E9F}_32.bin
+ 2009-12-23 22:49 . 2009-12-23 22:49 2456 c:\windows\System32\networklist\icons\{2F4F5F62-4635-4496-9BBB-B8B564139E9F}_24.bin
- 2009-12-15 17:30 . 2009-12-15 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-24 14:23 . 2009-12-24 14:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-24 14:23 . 2009-12-24 14:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-12-15 17:30 . 2009-12-15 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-16 20:45 . 2009-08-24 11:50 377344 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6002.22208_none_27461209d860183c\winhttp.dll
+ 2009-12-16 20:45 . 2009-08-24 11:36 377344 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6002.18096_none_26592378bf8d4416\winhttp.dll
+ 2009-12-16 20:45 . 2009-08-24 11:51 378368 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.22504_none_255b9ef9db3d5dbc\winhttp.dll
+ 2009-12-16 20:45 . 2009-08-24 12:16 378368 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18315_none_24c830a6c226f613\winhttp.dll
+ 2009-12-16 20:45 . 2009-08-24 12:34 378880 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.21113_none_23696659de200580\winhttp.dll
+ 2009-12-16 20:45 . 2009-08-24 12:47 378368 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16913_none_22dff16cc5023274\winhttp.dll
+ 2009-12-16 20:40 . 2009-10-07 12:18 243712 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6002.22240_none_6eaa02896688399b\rastls.dll
+ 2009-12-16 20:40 . 2009-10-07 11:36 243712 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6002.18116_none_6e46d73e4d4cde08\rastls.dll
+ 2009-12-16 20:40 . 2009-10-07 12:18 243200 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.22536_none_6cd4624969546090\rastls.dll
+ 2009-12-16 20:40 . 2009-10-07 12:41 244224 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.18336_none_6c4ac3985036c39f\rastls.dll
+ 2009-12-16 20:40 . 2009-10-07 12:31 232960 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6000.21134_none_6aebf94b6c2fd30c\rastls.dll
+ 2009-12-16 20:40 . 2009-10-07 12:47 232960 c:\windows\winsxs\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6000.16932_none_6a6083ca5313cd52\rastls.dll
+ 2009-12-16 20:40 . 2009-10-07 12:18 281600 c:\windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.22536_none_132e3960907cf729\raschap.dll
+ 2009-12-16 20:40 . 2009-10-07 12:41 281600 c:\windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.18336_none_12a49aaf775f5a38\raschap.dll
+ 2009-12-16 20:40 . 2009-10-07 12:31 274432 c:\windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6000.21134_none_1145d062935869a5\raschap.dll
+ 2009-12-16 20:40 . 2009-10-07 12:47 274432 c:\windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6000.16932_none_10ba5ae17a3c63eb\raschap.dll
+ 2009-12-16 20:49 . 2009-11-09 12:50 374272 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22261_none_dccc93dec1560594\iisw3adm.dll
+ 2009-12-16 20:49 . 2009-11-09 12:30 373760 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18139_none_dc6b6927a818dcaf\iisw3adm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:14 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22559_none_daf8f432c4205f37\iisw3adm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:20 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18359_none_da6f5581ab02c246\iisw3adm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:07 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21157_none_d9108b34c6fbd1b3\iisw3adm.dll
+ 2009-12-16 20:49 . 2009-11-09 13:30 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.16954_none_d8841569ade0b2a2\iisw3adm.dll
+ 2009-12-16 20:49 . 2009-11-09 12:51 331776 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\nativerd.dll
+ 2009-12-16 20:49 . 2009-11-09 12:50 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisutil.dll
+ 2009-12-16 20:49 . 2009-11-09 11:04 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iissetup.exe
+ 2009-12-16 20:49 . 2009-11-09 12:50 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisRtl.dll
+ 2009-12-16 20:49 . 2009-11-09 11:03 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iisres.dll
+ 2009-12-16 20:49 . 2009-11-09 12:53 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\iismig.dll
+ 2009-12-16 20:49 . 2009-11-09 11:03 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\aspnetca.exe
+ 2009-12-16 20:49 . 2009-11-09 12:48 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\appobj.dll
+ 2009-12-16 20:49 . 2009-11-09 11:03 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22261_none_1319a9d1cb4601d3\appcmd.exe
+ 2009-12-16 20:49 . 2009-11-09 12:31 331264 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\nativerd.dll
+ 2009-12-16 20:49 . 2009-11-09 12:30 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iisutil.dll
+ 2009-12-16 20:49 . 2009-11-09 10:49 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iissetup.exe
+ 2009-12-16 20:49 . 2009-11-09 12:30 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iisRtl.dll
+ 2009-12-16 20:49 . 2009-11-09 10:48 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iisres.dll
+ 2009-12-16 20:49 . 2009-11-09 12:32 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\iismig.dll
+ 2009-12-16 20:49 . 2009-11-09 10:49 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\aspnetca.exe
+ 2009-12-16 20:49 . 2009-11-09 12:28 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\appobj.dll
+ 2009-12-16 20:49 . 2009-11-09 10:48 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18139_none_12b87f1ab208d8ee\appcmd.exe
+ 2009-12-16 20:49 . 2009-11-09 13:16 331776 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\nativerd.dll
+ 2009-12-16 20:49 . 2009-11-09 13:14 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iisutil.dll
+ 2009-12-16 20:49 . 2009-11-09 11:25 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iissetup.exe
+ 2009-12-16 20:49 . 2009-11-09 13:14 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iisRtl.dll
+ 2009-12-16 20:49 . 2009-11-09 11:25 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iisres.dll
+ 2009-12-16 20:49 . 2009-11-09 13:17 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\iismig.dll
+ 2009-12-16 20:49 . 2009-11-09 11:25 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\aspnetca.exe
+ 2009-12-16 20:49 . 2009-11-09 13:12 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\appobj.dll
+ 2009-12-16 20:49 . 2009-11-09 11:25 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22559_none_11460a25ce105b76\appcmd.exe
+ 2009-12-16 20:49 . 2009-11-09 13:22 326656 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\nativerd.dll
+ 2009-12-16 20:49 . 2009-11-09 13:20 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iisutil.dll
+ 2009-12-16 20:49 . 2009-11-09 11:22 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iissetup.exe
+ 2009-12-16 20:49 . 2009-11-09 13:20 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iisRtl.dll
+ 2009-12-16 20:49 . 2009-11-09 11:21 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iisres.dll
+ 2009-12-16 20:49 . 2009-11-09 13:23 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\iismig.dll
+ 2009-12-16 20:49 . 2009-11-09 11:22 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\aspnetca.exe
+ 2009-12-16 20:49 . 2009-11-09 13:18 311296 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\appobj.dll
+ 2009-12-16 20:49 . 2009-11-09 11:21 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18359_none_10bc6b74b4f2be85\appcmd.exe
+ 2009-12-16 20:49 . 2009-11-09 13:09 236032 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\nativerd.dll
+ 2009-12-16 20:49 . 2009-11-09 13:07 189952 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iisutil.dll
+ 2009-12-16 20:49 . 2009-11-09 11:16 195072 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iissetup.exe
+ 2009-12-16 20:49 . 2009-11-09 13:07 148480 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iisRtl.dll
+ 2009-12-16 20:49 . 2009-11-09 10:06 183808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iisres.dll
+ 2009-12-16 20:49 . 2009-11-09 13:11 128512 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\iismig.dll
+ 2009-12-16 20:49 . 2009-11-09 11:16 178176 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\aspnetca.exe
+ 2009-12-16 20:49 . 2009-11-09 13:05 297472 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\appobj.dll
+ 2009-12-16 20:49 . 2009-11-09 11:16 150528 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21157_none_0f5da127d0ebcdf2\appcmd.exe
+ 2009-12-16 20:49 . 2009-11-09 13:33 236032 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\nativerd.dll
+ 2009-12-16 20:49 . 2009-11-09 13:30 189952 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iisutil.dll
+ 2009-12-16 20:49 . 2009-11-09 11:34 195072 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iissetup.exe
+ 2009-12-16 20:49 . 2009-11-09 13:30 148480 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iisRtl.dll
+ 2009-12-16 20:49 . 2009-11-09 10:17 183808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iisres.dll
+ 2009-12-16 20:49 . 2009-11-09 13:35 128512 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\iismig.dll
+ 2009-12-16 20:49 . 2009-11-09 11:34 178176 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\aspnetca.exe
+ 2009-12-16 20:49 . 2009-11-09 13:29 297472 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\appobj.dll
+ 2009-12-16 20:49 . 2009-11-09 11:33 150528 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.16954_none_0ed12b5cb7d0aee1\appcmd.exe
+ 2009-12-16 20:49 . 2009-11-09 12:50 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6002.22261_none_6bb9ae319a48be5d\isapi.dll
+ 2009-12-16 20:49 . 2009-11-09 12:30 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6002.18139_none_6b58837a810b9578\isapi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:15 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6001.22559_none_69e60e859d131800\isapi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:20 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6001.18359_none_695c6fd483f57b0f\isapi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:08 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6000.21157_none_67fda5879fee8a7c\isapi.dll
+ 2009-12-16 20:49 . 2009-11-09 13:31 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6000.16954_none_67712fbc86d36b6b\isapi.dll
+ 2009-12-16 20:49 . 2009-11-09 12:50 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22261_none_d1da3f343fb867a4\iiscore.dll
+ 2009-12-16 20:49 . 2009-11-09 12:30 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18139_none_d179147d267b3ebf\iiscore.dll
+ 2009-12-16 20:49 . 2009-11-09 13:14 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22559_none_d0069f884282c147\iiscore.dll
+ 2009-12-16 20:49 . 2009-11-09 13:20 189952 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18359_none_cf7d00d729652456\iiscore.dll
+ 2009-12-16 20:49 . 2009-11-09 13:07 164864 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21157_none_ce1e368a455e33c3\iiscore.dll
+ 2009-12-16 20:49 . 2009-11-09 13:30 164864 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.16954_none_cd91c0bf2c4314b2\iiscore.dll
+ 2009-12-16 20:45 . 2009-10-27 10:49 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21148_none_0bc40cd3f02d913f\ieuser.exe
+ 2009-12-16 20:45 . 2009-10-27 12:27 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16945_none_0b379708d712722e\ieuser.exe
+ 2009-12-16 20:45 . 2009-10-27 10:49 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21148_none_e71bd7b7adb2d18d\ieinstal.exe
+ 2009-12-16 20:45 . 2009-10-27 12:27 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16945_none_e68f61ec9497b27c\ieinstal.exe
+ 2009-12-16 20:45 . 2009-10-27 12:49 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22252_none_66de73e2c489b136\ieui.dll
+ 2009-12-16 20:45 . 2009-10-27 14:08 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18130_none_6668765bab5da6dc\ieui.dll
+ 2009-12-16 20:45 . 2009-10-27 13:05 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22550_none_64f60166c7652964\ieui.dll
+ 2008-06-17 18:24 . 2008-01-19 07:34 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18349_none_6480353bae375491\ieui.dll
+ 2009-12-16 20:45 . 2009-10-27 13:14 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21148_none_63226b38ca2f7d55\ieui.dll
+ 2009-12-16 20:45 . 2009-10-27 15:01 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16945_none_6295f56db1145e44\ieui.dll
+ 2009-12-16 20:45 . 2009-10-27 13:07 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22550_none_47f73f20a5ca505e\sqmapi.dll
+ 2009-12-16 20:45 . 2009-10-27 13:05 271360 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22550_none_47f73f20a5ca505e\iertutil.dll
+ 2008-06-17 18:25 . 2008-01-19 07:36 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18349_none_478172f58c9c7b8b\sqmapi.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 270848 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18349_none_478172f58c9c7b8b\iertutil.dll
+ 2009-12-16 20:45 . 2009-10-27 13:18 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21148_none_4623a8f2a894a44f\sqmapi.dll
+ 2009-12-16 20:45 . 2009-10-27 13:14 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21148_none_4623a8f2a894a44f\iertutil.dll
+ 2009-12-16 20:45 . 2009-10-27 15:04 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16945_none_459733278f79853e\sqmapi.dll
+ 2009-12-16 20:45 . 2009-10-27 15:01 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16945_none_459733278f79853e\iertutil.dll
+ 2009-12-16 20:45 . 2009-10-27 13:06 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22550_none_3779fcf32d6935cc\occache.dll
+ 2009-12-16 20:45 . 2009-10-27 13:18 146432 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18349_none_370430c8143b60f9\occache.dll
+ 2009-12-16 20:45 . 2009-10-27 13:17 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.21148_none_35a666c5303389bd\occache.dll
+ 2009-12-16 20:45 . 2009-10-27 15:04 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.16945_none_3519f0fa17186aac\occache.dll
+ 2009-12-16 20:45 . 2009-10-27 13:11 634632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22550_none_2fb594d03344a0e4\iexplore.exe
+ 2009-12-16 20:45 . 2009-10-27 13:24 634632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18349_none_2f3fc8a51a16cc11\iexplore.exe
+ 2009-12-16 20:45 . 2009-10-27 13:22 634632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21148_none_2de1fea2360ef4d5\iexplore.exe
+ 2009-12-16 20:45 . 2009-10-27 15:11 634632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\iexplore.exe
+ 2009-12-16 20:45 . 2009-10-27 13:16 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21148_none_46a8e8005f753900\mshtmled.dll
+ 2009-12-16 20:45 . 2009-10-27 15:03 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16945_none_461c7235465a19ef\mshtmled.dll
+ 2009-12-16 20:45 . 2009-10-27 13:06 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22550_none_603a1f1353bc84b9\msfeeds.dll
+ 2009-12-16 20:45 . 2009-10-27 13:17 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18349_none_5fc452e83a8eafe6\msfeeds.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.21148_none_5e6688e55686d8aa\msfeeds.dll
+ 2009-12-16 20:45 . 2009-10-27 15:03 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16945_none_5dda131a3d6bb999\msfeeds.dll
+ 2009-12-16 20:45 . 2009-10-27 13:13 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21148_none_96464da89db48673\dxtrans.dll
+ 2009-12-16 20:45 . 2009-10-27 13:13 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21148_none_96464da89db48673\dxtmsft.dll
+ 2009-12-16 20:45 . 2009-10-27 15:00 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16945_none_95b9d7dd84996762\dxtrans.dll
+ 2009-12-16 20:45 . 2009-10-27 15:00 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16945_none_95b9d7dd84996762\dxtmsft.dll
+ 2009-12-16 20:45 . 2009-10-27 12:49 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.22252_none_fdce1d9a82293426\ieapfltr.dll
+ 2009-12-16 20:45 . 2009-10-27 14:08 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.18130_none_fd58201368fd29cc\ieapfltr.dll
+ 2009-12-16 20:45 . 2009-10-27 13:05 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.22550_none_fbe5ab1e8504ac54\ieapfltr.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.18349_none_fb6fdef36bd6d781\ieapfltr.dll
+ 2009-12-16 20:45 . 2009-10-27 13:14 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21148_none_fa1214f087cf0045\ieapfltr.dll
+ 2009-12-16 20:45 . 2009-10-27 15:01 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16945_none_f9859f256eb3e134\ieapfltr.dll
+ 2009-12-16 20:45 . 2009-10-27 13:05 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22550_none_ae85b694200c09a7\ieakui.dll
+ 2009-12-16 20:45 . 2009-10-27 13:05 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22550_none_ae85b694200c09a7\ieaksie.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18349_none_ae0fea6906de34d4\ieakui.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18349_none_ae0fea6906de34d4\ieaksie.dll
+ 2009-12-16 20:45 . 2009-10-27 13:14 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21148_none_acb2206622d65d98\ieakui.dll
+ 2009-12-16 20:45 . 2009-10-27 13:14 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21148_none_acb2206622d65d98\ieaksie.dll
+ 2009-12-16 20:45 . 2009-10-27 15:01 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16945_none_ac25aa9b09bb3e87\ieakui.dll
+ 2009-12-16 20:45 . 2009-10-27 15:01 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16945_none_ac25aa9b09bb3e87\ieaksie.dll
+ 2009-12-16 20:45 . 2009-10-27 13:05 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22550_none_74a4014070c352c8\iedkcs32.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18349_none_742e351557957df5\iedkcs32.dll
+ 2009-12-16 20:45 . 2009-10-27 13:14 388608 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.21148_none_72d06b12738da6b9\iedkcs32.dll
+ 2009-12-16 20:45 . 2009-10-27 15:01 385024 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.16945_none_7243f5475a7287a8\iedkcs32.dll
+ 2009-12-16 20:45 . 2009-10-27 12:53 834048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22252_none_0424fac0b83db9d3\wininet.dll
+ 2009-12-16 20:45 . 2009-10-27 14:11 834048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18130_none_03aefd399f11af79\wininet.dll
+ 2009-12-16 20:45 . 2009-10-27 13:07 834048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22550_none_023c8844bb193201\wininet.dll
+ 2009-12-16 20:45 . 2009-10-27 13:20 833024 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18349_none_01c6bc19a1eb5d2e\wininet.dll
+ 2009-12-16 20:45 . 2009-10-27 13:18 841216 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21148_none_0068f216bde385f2\wininet.dll
+ 2009-12-16 20:45 . 2009-10-27 15:05 832512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16945_none_ffdc7c4ba4c866e1\wininet.dll
+ 2009-12-16 20:45 . 2009-10-27 13:06 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22550_none_e1193b6b95b8cadd\mstime.dll
+ 2009-12-16 20:45 . 2009-10-27 13:17 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18349_none_e0a36f407c8af60a\mstime.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.21148_none_df45a53d98831ece\mstime.dll
+ 2009-12-16 20:45 . 2009-10-27 15:03 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16945_none_deb92f727f67ffbd\mstime.dll
+ 2009-12-16 20:49 . 2009-11-09 10:49 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.22261_none_aef133562f4e979f\http.sys
+ 2009-12-16 20:41 . 2009-11-03 19:45 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.22258_none_af0305482f402d0f\http.sys
+ 2009-12-16 20:49 . 2009-11-09 10:36 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18139_none_ae90089f16116eba\http.sys
+ 2009-12-16 20:41 . 2009-11-03 19:41 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18136_none_ae8d07c1161422b5\http.sys
+ 2009-12-16 20:49 . 2009-11-09 11:09 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.22559_none_ad1d93aa3218f142\http.sys
+ 2009-12-16 20:41 . 2009-11-03 19:52 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.22556_none_ad1a92cc321ba53d\http.sys
+ 2009-12-16 20:49 . 2009-11-09 11:04 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18359_none_ac93f4f918fb5451\http.sys
+ 2009-12-16 20:41 . 2009-11-03 19:53 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18356_none_ac90f41b18fe084c\http.sys
+ 2009-12-16 20:49 . 2009-11-09 11:01 398848 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.21157_none_ab352aac34f463be\http.sys
+ 2009-12-16 20:41 . 2009-11-03 10:31 398848 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.21154_none_ab3229ce34f717b9\http.sys
+ 2009-12-16 20:49 . 2009-11-09 11:17 396800 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.16954_none_aaa8b4e11bd944ad\http.sys
+ 2009-12-16 20:41 . 2009-11-03 10:37 396800 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.16951_none_aaa5b4031bdbf8a8\http.sys
+ 2009-12-16 20:45 . 2009-10-27 13:12 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21148_none_aa4b64130ee101fc\advpack.dll
+ 2009-12-16 20:45 . 2009-10-27 14:59 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16945_none_a9beee47f5c5e2eb\advpack.dll
+ 2009-12-16 20:45 . 2009-08-24 12:16 378368 c:\windows\System32\winhttp.dll
+ 2008-06-19 02:24 . 2009-12-24 14:16 460686 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2006-11-02 10:33 . 2009-12-24 14:28 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-16 16:22 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-16 16:22 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-12-24 14:28 101350 c:\windows\System32\perfc009.dat
+ 2009-12-16 20:45 . 2009-10-27 13:18 146432 c:\windows\System32\occache.dll
- 2009-07-29 15:18 . 2009-07-18 16:04 146432 c:\windows\System32\occache.dll
+ 2009-12-16 20:45 . 2009-10-27 13:17 671232 c:\windows\System32\mstime.dll
- 2009-07-29 15:18 . 2009-07-18 16:03 671232 c:\windows\System32\mstime.dll
+ 2009-12-16 20:45 . 2009-10-27 13:17 458240 c:\windows\System32\msfeeds.dll
- 2009-07-29 15:18 . 2009-07-18 16:02 458240 c:\windows\System32\msfeeds.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 270848 c:\windows\System32\iertutil.dll
- 2009-07-29 15:18 . 2009-07-18 16:01 270848 c:\windows\System32\iertutil.dll
- 2009-07-29 15:18 . 2009-07-18 16:01 389120 c:\windows\System32\iedkcs32.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 389120 c:\windows\System32\iedkcs32.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 380928 c:\windows\System32\ieapfltr.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 230400 c:\windows\System32\ieaksie.dll
- 2009-07-29 15:18 . 2009-07-18 16:01 230400 c:\windows\System32\ieaksie.dll
+ 2006-11-02 10:25 . 2009-12-23 22:44 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-12-02 19:40 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-12-02 19:40 143360 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-12-23 22:44 143360 c:\windows\inf\infstor.dat
+ 2009-12-16 20:45 . 2009-11-16 08:50 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22268_none_f4bf533781e7af0f\OESpamFilter.dat
+ 2009-12-16 20:45 . 2009-11-16 08:50 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18146_none_f44955b068bba4b5\OESpamFilter.dat
+ 2009-12-16 20:45 . 2009-11-16 08:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22564_none_f2d4e02784c4f48f\OESpamFilter.dat
+ 2009-12-16 20:45 . 2009-11-16 08:50 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18364_none_f24b41766ba7579e\OESpamFilter.dat
+ 2009-12-16 20:45 . 2009-11-16 08:49 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21162_none_f0ec772987a0670b\OESpamFilter.dat
+ 2009-12-16 20:45 . 2009-11-16 08:49 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16960_none_f06101a86e846151\OESpamFilter.dat
+ 2009-12-16 20:45 . 2009-10-27 12:49 6081536 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22252_none_66de73e2c489b136\ieframe.dll
+ 2009-12-16 20:45 . 2009-10-27 14:08 6079488 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18130_none_6668765bab5da6dc\ieframe.dll
+ 2009-12-16 20:45 . 2009-10-27 10:59 6072320 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22550_none_64f60166c7652964\ieframe.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 6069248 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18349_none_6480353bae375491\ieframe.dll
+ 2009-12-16 20:45 . 2009-10-27 13:14 6070784 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21148_none_63226b38ca2f7d55\ieframe.dll
+ 2009-12-16 20:45 . 2009-10-27 15:01 6067200 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16945_none_6295f56db1145e44\ieframe.dll
+ 2009-12-16 20:45 . 2009-10-27 12:50 3602944 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22252_none_157f19df38942309\mshtml.dll
+ 2009-12-16 20:45 . 2009-10-27 14:09 3599872 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18130_none_15091c581f6818af\mshtml.dll
+ 2009-12-16 20:45 . 2009-10-27 13:06 3587072 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22550_none_1396a7633b6f9b37\mshtml.dll
+ 2009-12-16 20:45 . 2009-10-27 13:17 3584000 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18349_none_1320db382241c664\mshtml.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 3602432 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21148_none_11c311353e39ef28\mshtml.dll
+ 2009-12-16 20:45 . 2009-10-27 15:03 3598336 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16945_none_11369b6a251ed017\mshtml.dll
+ 2009-07-29 15:18 . 2009-06-18 06:57 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.22252_none_fdce1d9a82293426\ieapfltr.dat
+ 2009-07-29 15:18 . 2009-06-18 06:57 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.18130_none_fd58201368fd29cc\ieapfltr.dat
+ 2009-07-29 15:18 . 2009-06-18 06:57 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.22550_none_fbe5ab1e8504ac54\ieapfltr.dat
+ 2009-07-29 15:18 . 2009-06-18 06:57 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.18349_none_fb6fdef36bd6d781\ieapfltr.dat
+ 2009-07-29 15:18 . 2009-06-18 06:57 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21148_none_fa1214f087cf0045\ieapfltr.dat
+ 2009-07-29 15:18 . 2009-06-18 06:57 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16945_none_f9859f256eb3e134\ieapfltr.dat
+ 2009-12-16 20:45 . 2009-10-27 12:53 1176064 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.22252_none_b71f1f1eed349340\urlmon.dll
+ 2009-12-16 20:45 . 2009-10-27 14:11 1176064 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6002.18130_none_b6a92197d40888e6\urlmon.dll
+ 2009-12-16 20:45 . 2009-10-27 13:07 1175040 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22550_none_b536aca2f0100b6e\urlmon.dll
+ 2009-12-16 20:45 . 2009-10-27 13:20 1174528 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18349_none_b4c0e077d6e2369b\urlmon.dll
+ 2009-12-16 20:45 . 2009-10-27 13:18 1170944 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.21148_none_b3631674f2da5f5f\urlmon.dll
+ 2009-12-16 20:45 . 2009-10-27 15:05 1168384 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16945_none_b2d6a0a9d9bf404e\urlmon.dll
+ 2009-12-16 20:45 . 2009-10-27 13:20 1174528 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2009-12-23 23:11 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-12-15 17:45 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-12-16 20:45 . 2009-10-27 13:17 3584000 c:\windows\System32\mshtml.dll
- 2009-07-29 15:18 . 2009-07-18 16:01 6069248 c:\windows\System32\ieframe.dll
+ 2009-12-16 20:45 . 2009-10-27 13:16 6069248 c:\windows\System32\ieframe.dll
+ 2009-07-29 15:18 . 2009-06-18 06:57 2452872 c:\windows\System32\ieapfltr.dat
+ 2009-12-23 22:43 . 2009-12-23 22:43 5220352 c:\windows\Installer\4de9fc4.msi
+ 2006-11-02 10:24 . 2009-12-01 20:06 25966024 c:\windows\System32\mrt.exe
+ 2009-06-02 13:59 . 2009-12-16 20:50 250518331 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-22 4352832]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-22 960528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"OEM02Cfg.exe"="OEM02Cfg.exe" [2007-08-28 28672]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-22 115560]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-19 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UnInstall SciFinder Scholar.lnk]
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Lohse^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-11-22 02:48 165144 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 17:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2007-10-09 23:56 202544 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-06-29 20:28 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 19:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 19:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 20:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 10:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-12-01 21:52 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-01-04 16:02 222504 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 18:31 81920 ----a-w- c:\windows\System32\PCLECoInst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XFDLINK]
2007-11-26 18:54 45056 ----a-w- c:\program files\CrossFire Commander 7.1\xfdlink.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2052372012-1584203617-4053739633-1000]
"EnableNotificationsRef"=dword:00000001

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 1:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 1:49 PM 74480]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [6/12/2009 3:58 PM 73728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/8/2009 8:59 AM 102448]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [10/22/2009 3:01 PM 23888]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [3/19/2008 10:29 AM 111104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 1:50 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.charter.net/google/index.php?q=
FF - component: c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\CambridgeSoft\ChemOffice2008\ChemDraw\NPCDP32.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npSfAppM.dll
FF - plugin: c:\users\Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\oomglasp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 09:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-24 09:50:54
ComboFix-quarantined-files.txt 2009-12-24 15:50
ComboFix2.txt 2009-12-21 23:50
ComboFix3.txt 2009-12-16 20:19

Pre-Run: 24,517,832,704 bytes free
Post-Run: 24,477,319,168 bytes free

- - End Of File - - 157948882C0BA0051B11F26439B4604C



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-24 10:25:33
Windows 6.0.6001 Service Pack 1
Running: veyrid63.exe; Driver: C:\Users\Lohse\AppData\Local\Temp\uglcapoc.sys


---- System - GMER 1.0.15 ----

SSDT 87312A70 ZwAlertResumeThread
SSDT 87310A70 ZwAlertThread
SSDT 89209840 ZwAllocateVirtualMemory
SSDT 8920DBC0 ZwCreateMutant
SSDT 89209910 ZwCreateThread
SSDT 892096A0 ZwFreeVirtualMemory
SSDT 87316A70 ZwImpersonateAnonymousToken
SSDT 87314A70 ZwImpersonateThread
SSDT 892095C0 ZwMapViewOfSection
SSDT 87319A70 ZwOpenEvent
SSDT 872FFA70 ZwOpenProcessToken
SSDT 89209398 ZwOpenThreadToken
SSDT 872F8A70 ZwResumeThread
SSDT 87308A70 ZwSetContextThread
SSDT 89209468 ZwSetInformationProcess
SSDT 8920D008 ZwSetInformationThread
SSDT 8731BA70 ZwSuspendProcess
SSDT 8730DA70 ZwSuspendThread
SSDT 872E2A70 ZwTerminateProcess
SSDT 8730BA70 ZwTerminateThread
SSDT 872E3A70 ZwUnmapViewOfSection
SSDT 89209770 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 822C4914 8 Bytes [70, 2A, 31, 87, 70, 0A, 31, ...] {JO 0x2c; XOR [EDI-0x78cef590], EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 364 822C4928 4 Bytes [40, 98, 20, 89]
.text ntkrnlpa.exe!KeSetTimerEx + 428 822C49EC 4 Bytes [C0, DB, 20, 89]
.text ntkrnlpa.exe!KeSetTimerEx + 454 822C4A18 4 Bytes [10, 99, 20, 89]
.text ntkrnlpa.exe!KeSetTimerEx + 568 822C4B2C 4 Bytes [A0, 96, 20, 89]
.text ...
? C:\Users\Lohse\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [745F88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [746398A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [745FB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [745EFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [745F7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [745EEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7462B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [745FBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [745F074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [745F06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [745E71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7467D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74617379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [745EE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [745E697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [745E69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4208] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [745F2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 snman380.sys (Acronis Snapshot API/Acronis)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\Logfiles\Srt\SrtTrail.log 18540 bytes

---- EOF - GMER 1.0.15 ----





SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 10:26 on 24/12/2009 by Lohse (Administrator - Elevation successful)

========== filefind ==========

Searching for "*eventlog.dl*"
C:\Program Files\CyberLink\PowerDirector\EventLog.dll ------ 7216 bytes [02:34 18/05/2007] [02:34 18/05/2007] C2A279A458A06DE2C83D842AA042B5A8

-=End Of File=-




SERVICE_NAME: eventlog
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0




But still getting redirects. Hope you're having a good holiday. Thanks again for your help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users