Programs and Browsers being stubborn


  • This topic is locked
22 replies to this topic

#1 DuncanR

Posted 29 December 2009 - 08:43 PM

I've been having problems with my computer for quite a while now, and the only reason I've let things slide for this long is that none of the problems directly affect any of the critically important programs I use; it's mostly games and browsers that are messed up. Still, enough is enough; I want to deal with this before something truly vital breaks.

I've taken bad care of my poor little PC, and I'm certain it deserves a better admin than me. Please give me another chance to treat it properly! I've backed up all of my files, and run every requested scanner as best I could. Any help at all would be greatly appreciated.

The List:

Many programs simply refuse to run at all. When I double-click such a program, I get a few seconds of spinning cursor and then nothing starts up. Some programs work, and others don't; some of them are Vista native, some are XP native. The majority of the stubborn programs I've discovered are games. I've tried running them in compatibility mode with no success. All of these programs were working fine before.

My Web Browsers are frequently unable to save files to disk; the progress bar displays normally and the file appears in the destination folder as a download in progress. As soon as the download is finished, this file disappears. This happens with all kinds of files, from plain text and mp3s to program installers. This affects both Explorer and Firefox.
I managed to get a file downloader called "MultiGet," which I copied over from another PC that was working normally; I had to use it to download HijackThis, DSS, and RootRepeal.

Search results redirect me to pay or ad sites. When clicking on Google search results (or on one of my bookmarks), the browser often redirects me to different websites. They usually involve shopping, advertising, or simply a search result page for a non-Google search engine. If I copy and paste the address manually, the redirect doesn't happen.

I am unable to view or access certain control panels or system files. I'll attempt to view a control panel or move a file and get the following dialog box: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I'm positive I'm using an Administrator account.
At a glance, the following control panels are inaccessible: Date and Time, Folder Options, Game Controllers, Icon Packager, Indexing Options, Internet Options, Keyboard, Mouse, NVIDIA Control Panel, NVIDIA PhysX, Pen and Input Devices, People Near Me, Screen Saver, Display Settings, Phone and Modem Options, Regional and Language Options, Security Center, Sound, and Taskbar and Start Menu.
Windows Defender and Windows Firewall seem to open up at first... but when I go to actually change any of the Firewall settings, it tells me that "Windows needs your permission to continue." I accept, and then I get the following message: "Due to an unidentified problem, Windows cannot display Windows Firewall settings."


*Note*
RootRepeal generated an error when I first started it up, and several more similar looking errors as I attempted to run a scan. I tried running in compatibility mode, and as an administrator just in case. On a whim, I tried even restarting the computer and running it again in "Safe Mode With Networking," but got exactly the same error.

The Startup error:
FOPS - DeviceIOControlError! Error Code = 0xc0000024
Extended Info (0x000000e0)

Because of this, I was unable to get any RootRepeal reports. Please let me know if there is a different application I can use to generate a similar report.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Duncan at 21:29:58.09 on 29/12/2009
Internet Explorer: 7.0.6000.16890 BrowserJavaVersion: 1.6.0_17
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://webmail.northernelectric.ca/horde/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-CA /HIDEBL
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\duncan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: rgadtm - rgadtm.dll
AppInit_DLLs: avgrsstx.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\duncan\appdata\roaming\mozilla\firefox\profiles\btccxuwo.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.northernelectric.ca/horde/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-12-29 23:13:22 0 d-----w- c:\program files\Trend Micro
2009-12-29 09:17:24 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-12-29 05:11:43 0 d-----w- c:\programdata\CCP
2009-12-29 05:11:43 0 d-----w- c:\program files\CCP
2009-12-21 02:19:58 0 d-----w- c:\users\duncan\MultiGet-1.1.2-windows
2009-12-21 02:19:42 5293632 ----a-w- c:\users\duncan\MultiGet-1.1.2-windows.rar
2009-12-03 21:53:53 0 d-----w- C:\data

==================== Find3M ====================

2009-11-03 00:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-11 08:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-12-12 17:11:05 174 --sha-w- c:\program files\desktop.ini
2008-11-22 01:30:29 86016 ----a-w- c:\windows\inf\infstrng.dat
2008-11-22 01:30:29 51200 ----a-w- c:\windows\inf\infpub.dat
2008-11-22 01:30:27 86016 ----a-w- c:\windows\inf\infstor.dat
2008-06-11 06:09:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-05-04 13:58:16 19141 ----a-w- c:\program files\Readme.txt
2006-04-25 19:31:38 7247360 ----a-w- c:\program files\Oblivion.exe
2006-04-06 14:25:44 1662976 ----a-w- c:\program files\OblivionLauncher.exe
2006-02-24 13:14:14 12766 ----a-w- c:\program files\Oblivion_default.ini
2005-09-16 10:03:08 40960 ----a-w- c:\program files\atimgpud.dll
2005-09-09 19:08:02 7778564 ----a-w- c:\program files\LauncherMusic.wav
2005-01-08 21:53:38 338944 ----a-w- c:\program files\binkw32.dll
2002-04-18 18:04:48 395 ----a-w- c:\program files\Bethesda.TXT
2007-09-25 21:56:51 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-09-25 21:56:51 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-09-25 21:56:51 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-09-16 14:16:49 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-09-23 04:53:01 16384 --sha-w- c:\windows\temp\cookies\index.dat
2007-09-23 04:53:01 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2007-09-23 04:53:01 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 21:30:55.98 ===============


#2 Buckeye_Sam


Posted 31 December 2009 - 01:09 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


#3 DuncanR


Posted 01 January 2010 - 12:07 AM

Thank you so much for your time!

The PC in question has had its network and power cables unplugged since I posted, and I've been using a different, clean computer. I just started it up again, and got the following pop-up when it finished. Doesn't look suspicious to me, but I'm being paranoid.

Posted Image

I've downloaded all three of the files you linked using a different computer, and copied them over to the Problem PC via USB drive.

Installation has gone smoothly, and the database was "successfully updated from version 3458 to 3466"

Huh. When I clicked "Start Scan" I got a window that indicated it was in progress... then Malwarebytes closed. I tried to open it again from the start menu, and got this.

Posted Image

I know it opened properly just a moment ago. I then went to the actual folder in the C Drive and double clicked the application directly. Nothing happened. On a whim, I opened the folder properties and unchecked "read-only." It told me to confirm my administrator status, and when I accepted I got the following:

Posted Image

Moving on. Copied OTL to my desktop (also moved a bunch of desktop files to a "clutter" folder), set everything as follows, clicked "Quick Scan," and went to get a drink.

Posted Image

The only things open at the time were OTL, my web browser for viewing this forum, notepad for taking notes, and an open file folder window.

I'm not sure if you wanted this pasted in the message post, or attached as a text file. Please let me know which is generally preferable, and I'll assume you expressly say when you want it attached as a file. And let me know if the screen captures of pop-ups are unnecessary.

Also, please let me know if you want me to stop using the computer completely until the issue is resolved.

Here are the OTL Scan results:



OTL logfile created on: 01/01/2010 12:32:10 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Duncan\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.05 Gb Total Space | 13.27 Gb Free Space | 5.92% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 1.01 Gb Free Space | 11.46% Space Free | Partition Type: NTFS
Drive E: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 245.59 Mb Total Space | 194.78 Mb Free Space | 79.31% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DUNCAN-PC
Current User Name: Duncan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/31 23:55:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Duncan\Desktop\OTL.exe
PRC - [2009/12/21 16:27:11 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/29 10:09:47 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/01 16:20:57 | 03,634,024 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe
PRC - [2009/09/14 15:11:44 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/14 15:11:44 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/14 15:11:36 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 01,153,368 | -H-- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/10 12:35:36 | 00,587,776 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe
PRC - [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/25 07:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/07 13:33:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/08/04 15:45:16 | 05,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2008/07/10 09:51:32 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/07/10 08:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/01/17 22:58:36 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Group\Apache2\bin\Apache.exe
PRC - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/09/15 19:51:55 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/15 19:51:55 | 00,318,648 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/03/01 11:38:48 | 04,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/02 08:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe


========== Modules (SafeList) ==========

MOD - [2009/12/31 23:55:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Duncan\Desktop\OTL.exe
MOD - [2009/09/14 15:12:25 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2006/11/02 05:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/14 15:11:39 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/14 15:11:36 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/29 09:23:22 | 00,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/01/26 14:31:10 | 01,153,368 | -H-- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/10 12:35:36 | 00,587,776 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/07 13:33:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/08/04 15:45:16 | 05,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL5)
SRV - [2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/07/10 08:47:18 | 00,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/05/05 18:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/02/27 17:55:59 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/17 22:58:36 | 00,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Apache Group\Apache2\bin\Apache.exe -- (Apache2)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/18 06:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/10/10 16:37:10 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2007/09/15 19:51:55 | 00,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/03/26 16:21:20 | 00,887,544 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/03/08 21:54:46 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1889157169-104626387-3461231354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1889157169-104626387-3461231354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.northernelectric.ca/horde/
IE - HKU\S-1-5-21-1889157169-104626387-3461231354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1889157169-104626387-3461231354-1000\S-1-5-21-1889157169-104626387-3461231354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1889157169-104626387-3461231354-1000\S-1-5-21-1889157169-104626387-3461231354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://webmail.northernelectric.ca/horde/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 16:28:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/12 08:20:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/15 13:36:20 | 00,000,000 | ---D | M]

[2008/12/04 16:38:34 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\Mozilla\Extensions
[2010/01/01 00:15:13 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\Mozilla\Firefox\Profiles\btccxuwo.default\extensions
[2009/12/29 20:55:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1889157169-104626387-3461231354-1000..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKU\S-1-5-21-1889157169-104626387-3461231354-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1889157169-104626387-3461231354-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1889157169-104626387-3461231354-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-21-1889157169-104626387-3461231354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1889157169-104626387-3461231354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1889157169-104626387-3461231354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1889157169-104626387-3461231354-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\rgadtm: DllName - rgadtm.dll - C:\Windows\System32\rgadtm.dll ()
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/14 16:48:03 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1998/12/13 03:43:32 | 00,000,040 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{45b7c680-20ea-11dc-8ae4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{45b7c680-20ea-11dc-8ae4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998/12/01 01:04:40 | 00,025,600 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1998/12/01 01:04:40 | 00,025,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 07:18:47 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/01/01 00:25:05 | 00,000,000 | ---D | C] -- C:\Users\Duncan\Desktop\Desktop Clutter
[2010/01/01 00:10:54 | 00,000,000 | ---D | C] -- C:\Users\Duncan\AppData\Roaming\Malwarebytes
[2010/01/01 00:10:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/01 00:10:48 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/01 00:10:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/01 00:10:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/01 00:08:58 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Duncan\Desktop\OTL.exe
[2010/01/01 00:08:56 | 00,000,000 | ---D | C] -- C:\Users\Duncan\Bleeping Computer Stuff
[2009/12/29 19:13:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/29 05:34:34 | 00,000,000 | ---D | C] -- C:\Users\Duncan\AppData\Local\CCP
[2009/12/29 01:11:43 | 00,000,000 | ---D | C] -- C:\ProgramData\CCP
[2009/12/29 01:11:43 | 00,000,000 | ---D | C] -- C:\Program Files\CCP
[2009/12/23 03:44:42 | 00,000,000 | ---D | C] -- C:\Users\Duncan\Documents\Cam Chatlogs
[2009/12/20 22:20:08 | 00,000,000 | ---D | C] -- C:\Users\Duncan\Documents\MultiGetTemp
[2009/12/20 22:19:58 | 00,000,000 | ---D | C] -- C:\Users\Duncan\MultiGet-1.1.2-windows
[2009/10/23 13:21:04 | 07,247,360 | ---- | C] (Bethesda Softworks) -- C:\Program Files\Oblivion.exe
[2009/10/23 13:21:04 | 01,662,976 | ---- | C] (Bethesda Softworks) -- C:\Program Files\OblivionLauncher.exe

========== Files - Modified Within 14 Days ==========

[2010/01/01 00:32:23 | 03,932,160 | -HS- | M] () -- C:\Users\Duncan\NTUSER.DAT
[2010/01/01 00:25:18 | 00,021,504 | -H-- | M] () -- C:\Users\Duncan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/01 00:10:52 | 00,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/01 00:04:18 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/01 00:04:18 | 00,622,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/01 00:04:18 | 00,108,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/01 00:03:10 | 47,284,692 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/01 00:00:47 | 00,000,242 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/12/31 23:59:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/31 23:59:46 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/31 23:59:45 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/31 23:59:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/31 23:59:30 | 21,459,68128 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/31 23:55:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Duncan\Desktop\OTL.exe
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/29 23:08:13 | 03,453,212 | -H-- | M] () -- C:\Users\Duncan\AppData\Local\IconCache.db
[2009/12/29 19:13:23 | 00,001,880 | ---- | M] () -- C:\Users\Duncan\Desktop\HijackThis.lnk
[2009/12/29 15:35:12 | 00,128,231 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/29 05:41:01 | 00,001,356 | ---- | M] () -- C:\Users\Duncan\AppData\Local\d3d9caps.dat
[2009/12/29 05:17:00 | 00,001,722 | ---- | M] () -- C:\Users\Duncan\Desktop\EVE.lnk
[2009/12/20 22:17:20 | 05,293,632 | ---- | M] () -- C:\Users\Duncan\MultiGet-1.1.2-windows.rar

========== Files Created - No Company Name ==========

[2010/01/01 00:10:52 | 00,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/29 20:46:58 | 21,459,68128 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/29 19:13:23 | 00,001,880 | ---- | C] () -- C:\Users\Duncan\Desktop\HijackThis.lnk
[2009/12/29 05:17:00 | 00,001,722 | ---- | C] () -- C:\Users\Duncan\Desktop\EVE.lnk
[2009/12/20 22:19:42 | 05,293,632 | ---- | C] () -- C:\Users\Duncan\MultiGet-1.1.2-windows.rar
[2009/11/15 21:06:03 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/15 21:06:03 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/10/23 13:21:04 | 00,019,141 | ---- | C] () -- C:\Program Files\Readme.txt
[2009/10/23 13:21:04 | 00,012,766 | ---- | C] () -- C:\Program Files\Oblivion_default.ini
[2009/10/23 13:21:03 | 07,778,564 | ---- | C] () -- C:\Program Files\LauncherMusic.wav
[2009/10/23 13:21:03 | 00,338,944 | ---- | C] () -- C:\Program Files\binkw32.dll
[2009/10/23 13:21:03 | 00,040,960 | ---- | C] () -- C:\Program Files\atimgpud.dll
[2009/10/23 13:21:03 | 00,000,395 | ---- | C] () -- C:\Program Files\Bethesda.TXT
[2009/09/08 12:38:43 | 00,008,432 | ---- | C] () -- C:\Windows\System32\drivers\blbdrive.sys
[2009/09/08 12:38:39 | 00,023,155 | ---- | C] () -- C:\Windows\System32\rgadtm.dll
[2009/09/08 12:38:39 | 00,008,432 | ---- | C] () -- C:\Windows\System32\rgadta.sys
[2009/08/27 10:30:53 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/07/27 14:20:22 | 00,000,034 | ---- | C] () -- C:\Windows\etcf.ini
[2009/03/13 16:00:56 | 02,076,672 | ---- | C] () -- C:\Windows\System32\libmysql.dll
[2008/12/18 18:13:51 | 00,046,387 | ---- | C] () -- C:\Windows\php.ini
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/05/15 01:20:44 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/05/09 11:35:01 | 00,000,140 | ---- | C] () -- C:\Users\Duncan\AppData\Roaming\EV Nova Prefs.prf
[2008/05/09 11:35:01 | 00,000,060 | ---- | C] () -- C:\Users\Duncan\AppData\Roaming\EV Nova License.lcs
[2008/03/20 18:46:01 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/02/27 18:06:51 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2007/12/24 16:45:44 | 00,001,356 | ---- | C] () -- C:\Users\Duncan\AppData\Local\d3d9caps.dat
[2007/12/10 22:33:00 | 00,000,506 | ---- | C] () -- C:\Users\Duncan\AppData\Roaming\wklnhst.dat
[2007/11/08 11:26:36 | 00,021,504 | -H-- | C] () -- C:\Users\Duncan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 17:47:37 | 00,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2007/09/29 11:48:27 | 00,000,199 | ---- | C] () -- C:\Windows\swacnfg.ini
[2007/09/23 10:28:14 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/09/23 10:28:14 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/09/23 10:28:14 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/09/23 10:26:01 | 00,000,287 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/05/14 16:37:04 | 00,000,311 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/05/14 16:05:45 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/05/14 16:05:45 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 04:47:24 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 10:07:48 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 10:07:48 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:43:04 | 00,062,976 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:33:50 | 00,001,824 | ---- | C] () -- C:\Windows\System32\ecfwownt.dll
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2008/06/26 20:51:58 | 00,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\Snapfish
[2008/07/04 18:00:12 | 00,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\SPORE Creature Creator
[2009/08/25 12:46:18 | 00,000,000 | -HSD | M] -- C:\Users\Duncan\AppData\Roaming\.#
[2008/11/24 22:24:30 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\.BitTornado
[2009/11/15 13:37:46 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\acccore
[2009/12/17 05:15:37 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\Bioshock
[2009/04/18 16:20:35 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2009/03/11 20:51:07 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2007/10/13 17:45:49 | 00,000,000 | -H-D | M] -- C:\Users\Duncan\AppData\Roaming\ijjigame
[2007/11/01 16:37:24 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\Leadertech
[2008/10/08 12:10:11 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\MSNInstaller
[2009/09/27 13:32:07 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\MySQL
[2007/09/15 19:18:04 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\Snapfish
[2008/10/17 18:35:21 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\SPORE
[2007/12/10 22:33:01 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\Template
[2009/11/08 22:47:36 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\uqm
[2008/05/09 11:09:14 | 00,000,000 | ---D | M] -- C:\Users\Duncan\AppData\Roaming\WildTangent
[2008/01/07 13:31:38 | 00,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Snapfish
[2008/02/03 13:37:03 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Bioshock
[2008/01/01 21:06:48 | 00,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Snapfish
[2009/12/29 23:08:24 | 00,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/01 00:00:47 | 00,000,242 | -H-- | M] () -- C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 05:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 03:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 03:04:45 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/13 03:04:45 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 03:04:45 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 03:04:44 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006/11/02 05:46:03 | 00,062,976 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: LOGEVENT.DLL >
[2006/11/02 05:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 05:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 03:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 05:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 05:46:02 | 00,770,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\advapi32.dll
[2006/11/02 05:46:03 | 00,062,976 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\cngaudit.dll
[2007/12/16 07:49:22 | 00,162,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dnsapi.dll
[2008/10/21 01:16:20 | 00,297,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\gdi32.dll
[2006/11/02 05:46:05 | 00,115,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\imm32.dll
[2009/02/13 03:26:37 | 00,875,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\kernel32.dll
[2009/06/15 11:23:49 | 00,024,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\lpk.dll
[2006/11/02 05:46:06 | 00,805,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msctf.dll
[2006/11/02 05:46:10 | 00,681,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvcrt.dll
[2006/11/02 05:46:12 | 00,010,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\nsi.dll
[2006/11/02 05:47:26 | 01,162,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntdll.dll
[2006/11/02 05:46:12 | 01,314,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ole32.dll
[2009/09/08 12:38:39 | 00,023,155 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\rgadtm.dll
[2009/04/23 09:01:43 | 00,788,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rpcrt4.dll
[2006/11/02 05:47:18 | 00,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/06/15 11:28:58 | 00,072,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\secur32.dll
[2008/11/06 08:57:06 | 11,315,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shell32.dll
[2006/11/02 05:46:13 | 00,339,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shlwapi.dll
[2007/09/27 02:21:11 | 00,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2007/09/15 19:39:59 | 00,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2006/11/02 05:46:13 | 00,107,008 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\userenv.dll
[2006/11/02 05:46:13 | 00,502,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\usp10.dll
[2006/11/02 05:46:14 | 00,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\AppPatch\Custom\Custom] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA312.tmp\ZAPA312.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAF23.tmp\ZAPAF23.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD192.tmp\ZAPD192.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\temp\temp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\tmp\tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ehome\CreateDisc\style\style] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Globalization\Globalization] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Help\Corporate\Corporate] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\inf\en-US\en-US] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6215\12.0.6215] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6215\12.0.6215] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6215\12.0.6215] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6215\12.0.6215] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.6215\12.0.6215] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\4301AEBD288588A40833184CFEC0AF92\4.0.0\4.0.0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A3100000030\8.1.3\8.1.3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Microsoft.NET\authman\authman] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ModemLogs\ModemLogs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\nap\configuration\configuration] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Panther\setup.exe\setup.exe] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Panther\Unattend\Unattend] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\PIF\PIF] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\PLA\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SchCache\SchCache] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\security\templates\templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\39fd6975a63d0bd954d5977870ee8aeb\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.22417_none_b48073ae5e33b3f0\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.22417_none_b48073ae5e33b3f0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\39fd6975a63d0bd954d5977870ee8aeb\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6002.18024_none_b5cf780142473936\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6002.18024_none_b5cf780142473936] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\39fd6975a63d0bd954d5977870ee8aeb\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6002.22120_none_b65513a45b6873a4\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6002.22120_none_b65513a45b6873a4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\3a4dad139008a7bdab24f2e439538d62\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\501061c0c66785b57a4b02b9abb51422\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16849_none_b6eb01ca9d7886f0\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16849_none_b6eb01ca9d7886f0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\501061c0c66785b57a4b02b9abb51422\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21044_none_b76f7545b69adb49\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21044_none_b76f7545b69adb49] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\501061c0c66785b57a4b02b9abb51422\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18246_none_b8ce3f929aa1cbdc\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18246_none_b8ce3f929aa1cbdc] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\501061c0c66785b57a4b02b9abb51422\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22416_none_b9784e07b3a714fa\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22416_none_b9784e07b3a714fa] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\501061c0c66785b57a4b02b9abb51422\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18023_none_bac7525a97ba9a40\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18023_none_bac7525a97ba9a40] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\501061c0c66785b57a4b02b9abb51422\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22119_none_bb61c0cdb0cab623\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22119_none_bb61c0cdb0cab623] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\686d09f0ac25fcac373cbaa1643482ec\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\msil_system.xml_b77a5c561934e089_6.0.6000.16762_none_81c9fe7748fca83b\msil_system.xml_b77a5c561934e089_6.0.6000.16762_none_81c9fe7748fca83b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\msil_system.xml_b77a5c561934e089_6.0.6000.20935_none_6af9125d62a70970\msil_system.xml_b77a5c561934e089_6.0.6000.20935_none_6af9125d62a70970] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\msil_system.xml_b77a5c561934e089_6.0.6001.18155_none_81a4b59d494ee81e\msil_system.xml_b77a5c561934e089_6.0.6001.18155_none_81a4b59d494ee81e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\msil_system.xml_b77a5c561934e089_6.0.6001.22286_none_6ad9f8f362f3adca\msil_system.xml_b77a5c561934e089_6.0.6001.22286_none_6ad9f8f362f3adca] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_mscorlib_b77a5c561934e089_6.0.6000.16762_none_c7e05da6c10537b1\x86_mscorlib_b77a5c561934e089_6.0.6000.16762_none_c7e05da6c10537b1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_mscorlib_b77a5c561934e089_6.0.6000.20935_none_b10f718cdaaf98e6\x86_mscorlib_b77a5c561934e089_6.0.6000.20935_none_b10f718cdaaf98e6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_mscorlib_b77a5c561934e089_6.0.6001.18155_none_c7bb14ccc1577794\x86_mscorlib_b77a5c561934e089_6.0.6001.18155_none_c7bb14ccc1577794] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_mscorlib_b77a5c561934e089_6.0.6001.22286_none_b0f05822dafc3d40\x86_mscorlib_b77a5c561934e089_6.0.6001.22286_none_b0f05822dafc3d40] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.0.6000.16762_none_c512af208bf2fb22\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.0.6000.16762_none_c512af208bf2fb22] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.0.6000.20935_none_ae41c306a59d5c57\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.0.6000.20935_none_ae41c306a59d5c57] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.0.6001.18155_none_c4ed66468c453b05\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.0.6001.18155_none_c4ed66468c453b05] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.0.6001.22286_none_ae22a99ca5ea00b1\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.0.6001.22286_none_ae22a99ca5ea00b1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6000.16762_none_2b4b4f7b068da809\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6000.16762_none_2b4b4f7b068da809] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6000.20935_none_147a63612038093e\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6000.20935_none_147a63612038093e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6001.18155_none_2b2606a106dfe7ec\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6001.18155_none_2b2606a106dfe7ec] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6001.22286_none_145b49f72084ad98\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6001.22286_none_145b49f72084ad98] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6000.16762_none_bf86820f30d9343c\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6000.16762_none_bf86820f30d9343c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6000.20935_none_a8b595f54a839571\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6000.20935_none_a8b595f54a839571] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6001.18155_none_bf613935312b741f\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6001.18155_none_bf613935312b741f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6001.22286_none_a8967c8b4ad039cb\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6001.22286_none_a8967c8b4ad039cb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6000.16762_none_32872c942e8c9c36\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6000.16762_none_32872c942e8c9c36] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6000.20935_none_1bb6407a4836fd6b\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6000.20935_none_1bb6407a4836fd6b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6001.18155_none_3261e3ba2ededc19\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6001.18155_none_3261e3ba2ededc19] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6001.22286_none_1b9727104883a1c5\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6001.22286_none_1b9727104883a1c5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-web_engine_dll_b03f5f7f11d50a3a_6.0.6000.16762_none_36c9199b379581a8\x86_netfx-web_engine_dll_b03f5f7f11d50a3a_6.0.6000.16762_none_36c9199b379581a8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-web_engine_dll_b03f5f7f11d50a3a_6.0.6000.20935_none_1ff82d81513fe2dd\x86_netfx-web_engine_dll_b03f5f7f11d50a3a_6.0.6000.20935_none_1ff82d81513fe2dd] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-web_engine_dll_b03f5f7f11d50a3a_6.0.6001.18155_none_36a3d0c137e7c18b\x86_netfx-web_engine_dll_b03f5f7f11d50a3a_6.0.6001.18155_none_36a3d0c137e7c18b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_netfx-web_engine_dll_b03f5f7f11d50a3a_6.0.6001.22286_none_1fd91417518c8737\x86_netfx-web_engine_dll_b03f5f7f11d50a3a_6.0.6001.22286_none_1fd91417518c8737] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_system.data.oracleclient_b77a5c561934e089_6.0.6000.16762_none_f35fb423dcd1f51e\x86_system.data.oracleclient_b77a5c561934e089_6.0.6000.16762_none_f35fb423dcd1f51e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_system.data.oracleclient_b77a5c561934e089_6.0.6000.20935_none_dc8ec809f67c5653\x86_system.data.oracleclient_b77a5c561934e089_6.0.6000.20935_none_dc8ec809f67c5653] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_system.data.oracleclient_b77a5c561934e089_6.0.6001.18155_none_f33a6b49dd243501\x86_system.data.oracleclient_b77a5c561934e089_6.0.6001.18155_none_f33a6b49dd243501] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_system.data.oracleclient_b77a5c561934e089_6.0.6001.22286_none_dc6fae9ff6c8faad\x86_system.data.oracleclient_b77a5c561934e089_6.0.6001.22286_none_dc6fae9ff6c8faad] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_system.web_b03f5f7f11d50a3a_6.0.6000.16762_none_f7518453162d8955\x86_system.web_b03f5f7f11d50a3a_6.0.6000.16762_none_f7518453162d8955] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_system.web_b03f5f7f11d50a3a_6.0.6000.20935_none_e08098392fd7ea8a\x86_system.web_b03f5f7f11d50a3a_6.0.6000.20935_none_e08098392fd7ea8a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_system.web_b03f5f7f11d50a3a_6.0.6001.18155_none_f72c3b79167fc938\x86_system.web_b03f5f7f11d50a3a_6.0.6001.18155_none_f72c3b79167fc938] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\815b68a9a2ec5cead5c3645c100fb620\x86_system.web_b03f5f7f11d50a3a_6.0.6001.22286_none_e0617ecf30248ee4\x86_system.web_b03f5f7f11d50a3a_6.0.6001.22286_none_e0617ecf30248ee4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.16870_none_b38e38f92205f4f7\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.16870_none_b38e38f92205f4f7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.21067_none_b4297fd83b155d73\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.21067_none_b4297fd83b155d73] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.18272_none_b57678331f2ab896\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.18272_none_b57678331f2ab896] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.22450_none_b613b6283839eaf7\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.22450_none_b613b6283839eaf7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18051_none_b7718b8f1c41b9a8\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18051_none_b7718b8f1c41b9a8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.22152_none_b7fc28a4355e72c9\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.22152_none_b7fc28a4355e72c9] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91da06e01fd6fd53b1ab1ec9d4331a39\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\956265f76761cb18457ff43786326b7b\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.16697_none_4ab261cabc69e490\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.16697_none_4ab261cabc69e490] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\956265f76761cb18457ff43786326b7b\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.20852_none_4b623eb9d56b930a\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.20852_none_4b623eb9d56b930a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\956265f76761cb18457ff43786326b7b\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.18085_none_4ca16fc8b98a26e2\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.18085_none_4ca16fc8b98a26e2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\956265f76761cb18457ff43786326b7b\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.22197_none_4d223d3bd2ae154b\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.22197_none_4d223d3bd2ae154b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\9da6aac5b83727e1f81569550fb3f286\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16890_none_a983db53f5f2f2c6\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16890_none_a983db53f5f2f2c6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\9da6aac5b83727e1f81569550fb3f286\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21089_none_aa2122c70f008df0\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21089_none_aa2122c70f008df0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\9da6aac5b83727e1f81569550fb3f286\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16890_none_29ae416e684b83a1\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16890_none_29ae416e684b83a1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\9da6aac5b83727e1f81569550fb3f286\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21089_none_2a4b88e181591ecb\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21089_none_2a4b88e181591ecb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\9da6aac5b83727e1f81569550fb3f286\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16890_none_625ae279b1416e1f\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16890_none_625ae279b1416e1f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\9da6aac5b83727e1f81569550fb3f286\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21089_none_62f829ecca4f0949\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21089_none_62f829ecca4f0949] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\9da6aac5b83727e1f81569550fb3f286\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18294_none_64452247ae64646c\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18294_none_64452247ae64646c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\9da6aac5b83727e1f81569550fb3f286\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22475_none_64e5611ac770e2d2\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22475_none_64e5611ac770e2d2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\9da6aac5b83727e1f81569550fb3f286\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18071_none_663e350fab7d32d0\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18071_none_663e350fab7d32d0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu272b.tmp\slu272b.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu2944.tmp\slu2944.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu342f.tmp\slu342f.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu3453.tmp\slu3453.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu34e5.tmp\slu34e5.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu3506.tmp\slu3506.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu50ed.tmp\slu50ed.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu5359.tmp\slu5359.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu53f0.tmp\slu53f0.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu5ee8.tmp\slu5ee8.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu602b.tmp\slu602b.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu63c.tmp\slu63c.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu645f.tmp\slu645f.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu6805.tmp\slu6805.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu6fa6.tmp\slu6fa6.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu7da4.tmp\slu7da4.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu8c4.tmp\slu8c4.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slua74.tmp\slua74.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\SxsTemp\SxsTemp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\tracing\tracing] -> \Device\__max++>\^ -> Mount Point
< End of report >




OTL Extras logfile created on: 01/01/2010 12:32:10 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Duncan\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.05 Gb Total Space | 13.27 Gb Free Space | 5.92% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 1.01 Gb Free Space | 11.46% Space Free | Partition Type: NTFS
Drive E: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 245.59 Mb Total Space | 194.78 Mb Free Space | 79.31% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DUNCAN-PC
Current User Name: Duncan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1889157169-104626387-3461231354-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A15F23A-B519-4F17-ADB9-25685697096A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3B40814F-CCF2-423B-BBB5-46865D748713}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6765AF5E-3B42-45C6-B572-53137A498489}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{80AD713E-BB46-41F1-A008-81BFB4DE698E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8C86BC10-D92A-4FE9-A9B6-C5420184EE14}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97D16894-8CF6-4965-95BA-CCCC028D85B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B6ACAA28-FFBF-409B-AE03-7AB1FB1B1B90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BE8B4E34-26E9-4153-9435-58515C9CC5C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1DACD65-103C-4210-8E78-460F687BE143}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{DAE9AA0C-D446-4A77-A8F9-82D52EF4FC44}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FCE2DAB9-0C2C-4CC7-B5D8-670B8C427667}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B56D2E9-EC37-40BA-9C8E-5E0B506A023E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0B827D12-1989-4C81-9257-3A7C212FC2FB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0C9AEADA-C1FF-45E7-A9F4-1B7587A6A400}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0D5AAE1A-4CB4-4508-B7DE-FC3084CEDA3B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0E9E15F3-EE72-4627-864C-A3426E56552F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1140B03C-4C56-4EB9-B12D-68359E733ACF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{208A9517-052B-4BDA-A7B9-CEE3C4EDF867}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sacrifice\sacrifice.exe |
"{231D3AF3-ADB0-47F5-94D9-2BEF1FEA9F59}" = protocol=17 | dir=in | app=c:\users\duncan\appdata\local\temp\7zse4e7.tmp\symnrt.exe |
"{23EE7589-8159-474F-99F7-F52CA059EF6E}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{296BAAE0-BC98-4022-A6FD-1B832591ACFE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C7876FC-54D1-4E3A-B6B1-0DB8DEC78D3F}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{2E38EEBE-F60A-4687-ABD3-3B07E3EC3937}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{2E557DC2-819A-4D7E-A6BA-81D25C9F9BA6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{36A3C095-737B-44BE-AAFA-7C2D41372986}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"{41284DF5-15EC-4B80-91AC-073046417749}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{44165D9B-6A26-4642-B2FC-8B46CDE2D952}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sacrifice\sacrifice.exe |
"{45532346-444B-4B30-8B42-94576AC94BA0}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{482B4918-5CC9-4559-B9EA-7664D8FEC385}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{4C4D36E8-11FE-459B-AE6F-28C130E09A06}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{53D9D0C6-1E0A-4898-A20B-9AF046D3E9BA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5A66C907-A82C-4EE6-9DD6-CD33529183CE}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{5A9D2CA4-9108-4C8A-AF8C-7A590C8A0DF5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5CDAAB12-0A75-4C54-8A17-9525583A4E7B}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{5FB9CE03-934D-4933-8D70-F290D40C3E18}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{64E7C9CB-717B-4493-8CB0-64AF539FBE7A}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{6552A7C9-E4E3-41D5-B3A4-6BC3C24506A2}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{6996B820-29AC-402E-B601-65FC92FEA1C1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E30347F-98AB-4587-B06B-8F325650E421}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6F670D3C-E932-48FA-86B5-F19F9C584355}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{76B2BABF-7446-42DC-A330-B012E1122BB5}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7A818DDB-5BC2-4DA4-866F-278A9ACF7C80}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8666BB9B-12C6-441A-8278-DAB57D22505D}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{92328C46-923A-4BEB-B9A9-13C85F604698}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{939A788A-D78A-47FC-AA7F-319AB24BF63E}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearxp\fearxp.exe |
"{9BFDBF75-3F0B-46D7-A7FF-4E159191C197}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A76BB30B-499A-4E55-A0BA-DDBCEDEA80CD}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{A9EC5395-8A2F-4E39-8842-E736EAB4CFDE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A9F5C9A9-027D-4CE4-8A7D-109844076FA4}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{AA0B8245-C0A5-4B5E-B05A-CA06323B6F8B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AE571B58-0A10-4460-A312-453787F86E47}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B197FA54-4767-4775-8832-1A27A7BA391E}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{B24CA168-4302-4FF6-843B-09EB45735854}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B405A495-27F9-4C6C-9F7E-09324FAB7679}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{B4D3ED54-FF91-4459-A157-C8CD3DC3ECAA}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{BB31FDF5-52A8-449B-AD84-0ABCBE316023}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C339A657-18C8-4205-9A4D-85560D0E05C1}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{CD16FBF5-1AD9-4F7D-B5A3-99725283DCC6}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CFE8E340-1BFB-4947-AC78-08D05F43F3EA}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{D030B0EB-286B-44EB-A501-785B5F917DF5}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{D1534FB0-0D07-43C2-AFC2-89468FC0A70D}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{D4FB8445-8AE8-4F47-B347-F6C50F05FE28}" = protocol=6 | dir=in | app=c:\users\duncan\appdata\local\temp\7zse4e7.tmp\symnrt.exe |
"{DF6BE998-DCB3-491D-ADA2-43ACCB76ED03}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{E250F887-717F-4A95-8F98-41641E3352F9}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"{E4F2CA6C-1F27-4999-B180-1CFC0DDA7BBE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F19C738F-7BC4-4257-B354-0BAC547DB8B5}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{F36EDFDF-AE48-46EC-BF44-F4E3C53890FB}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{F95372AE-9877-44EE-86B2-84F2EF21E3A4}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{FC271454-AB5B-4ADD-8AFD-BCF5CF019910}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{FE93A244-2DFC-496D-9DC1-A58CEBF824DE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{93ACEAD8-DE7C-4EED-BDD6-14A536395AB6}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{1245D9FC-DD3D-421A-A392-785E68FFAF2A}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33C3FB8A-B803-435D-AB5E-5A20E2294B94}" = 505 Game Collection
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3A862C7D-0504-48BC-AEF8-7F7479C7C158}" = Apache HTTP Server 2.0.63
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71414EC2-0684-4A15-A85A-E0E259D117AF}" = Microangelo Toolset 6
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DBACBFE4-F79E-4AFB-A7C3-463555B8446B}" = MySQL Server 5.0
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F70C2B4F-B6BF-4BB0-B67A-7ECD589181C5}" = MySQL Tools for 5.0
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"COH" = City of Villains/City of Heroes (remove only)
"Diablo II" = Diablo II
"Director 8.5 Shockwave Studio Trial" = Director 8.5 Shockwave Studio Trial
"Episode 1 - Homestar Ruiner" = Strong Bad - Strong Bad Episode 1 - Homestar Ruiner
"EV Nova" = EV Nova (remove only)
"EVE" = EVE Online (remove only)
"FileZilla Server" = FileZilla Server (remove only)
"Halo" = Microsoft Halo
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"IconPackager" = IconPackager
"InstallShield_{33C3FB8A-B803-435D-AB5E-5A20E2294B94}" = 505 Game Collection
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Macromedia Director MX 2004" = Macromedia Director MX 2004
"Macromedia Shockwave Multiuser Server 3.0" = Macromedia Shockwave Multiuser Server 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"On the Rain-Slick Precipice of Darkness, Episode One" = On the Rain-Slick Precipice of Darkness, Episode One
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"SaddleBag" = SaddleBag (remove only)
"Sins of a Solar Empire" = Sins of a Solar Empire
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spring" = Spring 0.75b2
"ST6UNST #1" = Hero Editor V0.90
"Starcraft" = Starcraft
"Steam App 20700" = Starscape
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 38440" = Sacrifice
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The Ur-Quan Masters" = The Ur-Quan Masters 0.6.2
"Total Annihilation" = Total Annihilation
"Total Annihilation - Battle Tactics" = Total Annihilation - Battle Tactics
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WinAce Archiver" = WinAce Archiver
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1889157169-104626387-3461231354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/09/2008 4:21:01 AM | Computer Name = Duncan-PC | Source = Application Error | ID = 1000
Description = Faulting application SporeApp.exe, version 1.1.0.338, time stamp 0x4897d819,
faulting module SporeApp.exe, version 1.1.0.338, time stamp 0x4897d819, exception
code 0xc0000005, fault offset 0x00ab312f, process id 0x10a4, application start time
0x01c919a752dfad8b.

Error - 20/09/2008 3:52:47 AM | Computer Name = Duncan-PC | Source = Application Error | ID = 1000
Description = Faulting application SporeApp.exe, version 1.1.0.338, time stamp 0x4897d819,
faulting module SporeApp.exe, version 1.1.0.338, time stamp 0x4897d819, exception
code 0xc0000005, fault offset 0x00ab312f, process id 0x1078, application start time
0x01c91a89d0ec6f52.

Error - 22/09/2008 4:40:46 AM | Computer Name = Duncan-PC | Source = Application Error | ID = 1000
Description = Faulting application SporeApp.exe, version 1.1.0.338, time stamp 0x4897d819,
faulting module SporeApp.exe, version 1.1.0.338, time stamp 0x4897d819, exception
code 0xc0000005, fault offset 0x00168000, process id 0x620, application start time
0x01c91c6a9b7639e4.

Error - 27/09/2008 8:19:26 AM | Computer Name = Duncan-PC | Source = Application Hang | ID = 1002
Description = The program Meridian Advance.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13a0 Start Time: 01c9209a801de616 Termination Time: 131

Error - 27/09/2008 8:19:55 AM | Computer Name = Duncan-PC | Source = Application Hang | ID = 1002
Description = The program Meridian Advance.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 420 Start Time: 01c9209b4a9198b6 Termination Time: 44

Error - 27/09/2008 8:20:52 AM | Computer Name = Duncan-PC | Source = Application Hang | ID = 1002
Description = The program Meridian Advance.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13c8 Start Time: 01c9209b5a9af946 Termination Time: 63

Error - 28/09/2008 4:03:51 AM | Computer Name = Duncan-PC | Source = Application Error | ID = 1000
Description = Faulting application nwn2main.exe, version 1.0.13.1409, time stamp
0x4893a5ab, faulting module nwn2main.exe, version 1.0.13.1409, time stamp 0x4893a5ab,
exception code 0xc0000005, fault offset 0x00451947, process id 0x1330, application
start time 0x01c9213f5d88dfb6.

Error - 02/10/2008 2:09:41 PM | Computer Name = Duncan-PC | Source = Application Hang | ID = 1002
Description = The program CityOfHeroes.exe version 1.0.0.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: fb4 Start Time: 01c9247cbbc20e0e Termination Time: 6297

Error - 05/10/2008 10:27:33 AM | Computer Name = Duncan-PC | Source = VSS | ID = 8194
Description =

Error - 05/10/2008 10:28:23 AM | Computer Name = Duncan-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 28/08/2008 9:44:39 AM | Computer Name = Duncan-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 29/04/2009 10:30:39 PM | Computer Name = Duncan-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 04/10/2009 1:28:37 PM | Computer Name = Duncan-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 22/10/2009 10:14:10 AM | Computer Name = Duncan-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/10/2009 10:14:10 AM | Computer Name = Duncan-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 22/10/2009 10:27:38 AM | Computer Name = Duncan-PC | Source = DCOM | ID = 10000
Description =

Error - 23/10/2009 11:52:00 AM | Computer Name = Duncan-PC | Source = DCOM | ID = 10000
Description =

Error - 23/10/2009 1:06:56 PM | Computer Name = Duncan-PC | Source = WinDefend | ID = 1008
Description = %%827 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=143471

Scan
ID: {FE5EAAC8-8578-4B2C-8C3B-41BD7DC6D7D1} Scan Type: %%802 User: Duncan-PC\Duncan

Name:
Trojan:Win32/Alureon.gen!U ID: 143471 Severity ID: 5 Category ID: 8 Path: Action: %%811

Error
Code: 0x80508022 Error description: To finish removing spyware and other potentially
unwanted software, restart the computer.

Error - 23/10/2009 1:08:16 PM | Computer Name = Duncan-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 23/10/2009 1:08:16 PM | Computer Name = Duncan-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 23/10/2009 1:09:12 PM | Computer Name = Duncan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/10/2009 1:12:04 PM | Computer Name = Duncan-PC | Source = DCOM | ID = 10000
Description =

Error - 24/10/2009 2:13:06 PM | Computer Name = Duncan-PC | Source = DCOM | ID = 10000
Description =


< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:37 AM

Posted 01 January 2010 - 12:51 PM

The screen shots aren't necessary unless you need one to elaborate on something that's difficult to otherwise explain. And I do prefer the logs to be copied and pasted just like you did. :(

Please download and run Win32kDiag:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 DuncanR

DuncanR
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 01 January 2010 - 04:58 PM

Quick update: I've installed and run Win32kDiag.exe, but it's been going for four or five hours already. It keeps generating messages like "Cannot access: C:\Windows\System32\mrt.exe" that seem to be followed by long delays.

I'll leave it overnight if I have to, and post the result when it's done.

#6 Buckeye_Sam

Posted 02 January 2010 - 09:23 AM

If you don't have the log by the time you read this, just stop win32kdiag and do this instead.
First make sure that you have win32kdiag.exe located on your desktop.

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

========================================================

#7 DuncanR

Posted 02 January 2010 - 01:19 PM

I just checked it, and after running for 20 minutes shy of 24 hours, it's still not done. I stopped it and followed your instructions with the run command; it started up again, and started running well enough, but then got caught on a similar long delay after displaying the following:


Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2010-01-01 15:24:09 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()


It seems similar to what it was generating before. I'll leave it running all afternoon while I'm out of the house, and get back to you then.

#8 Buckeye_Sam

Posted 02 January 2010 - 03:51 PM

It shouldn't take anywhere near that long to run. It may be conflicting with something that's running already. If you find it still running after a few hours just stop it. Then reboot into safe mode and run that same command again.

========================================================

#9 DuncanR

Posted 02 January 2010 - 04:45 PM

That seemed to work!

When I try to post the log directly, the forum says the post is too long, so I'll attach it as a file for now. Let me know if you want me to post it in two parts or something.

Quick Update: Out of curiosity, I started up one of my games that previously refused to start up... and it worked! It would seem that the healing has begun!

Now I'm scared I'm going to mess it up again. Please let me know if I should avoid using the computer until you're completely finished with it.

Edited by DuncanR, 02 January 2010 - 04:52 PM.


#10 Buckeye_Sam

Posted 03 January 2010 - 09:17 AM

Until we've completely removed the infection it is best if you try to minimize your use of the computer.

We need to scan the system with this special tool.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

=======================


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.

========================================================

#11 DuncanR

Posted 05 January 2010 - 03:45 AM

Very sorry for the delay! Followed all instructions as best I could, but hit a few speed-bumps.

When I activated Junction.exe using "Run," it caused a console window to appear for an instant and then immediately close. When I opened Junction.exe directly, it asked me to accept the user agreement, which I did; it then caused a console window to blink open, just as before. I was unable to find any log files that seemed connected to it.

When I ran ComboFix, it informed me that AVG Antivirus was active, and that I should deactivate it before continuing. I attempted to do so, closing the icon in the system tray and checking with the Task Manager for open programs or processes. When I told ComboFix to continue, it warned me that AVG was still active, and that I was taking my life into my own hands by not following its advice. I immediately did some more looking around, but couldn't find any AVG related software to shut down. I likely suck at finding things. I eventually decided to uninstall AVG completely, but got an error message at the end, saying the un-installation had failed. There wasn't any back button, so I had ComboFix continue regardless, and then ate a few extra-strength antacid tablets while I waited. It didn't kick back any readily apparent problems as it ran, and generated the log below after rebooting.

Something odd after the computer rebooted: When I tried to visit this forum, Firefox failed to open and popped up an error reading "Illegal operation attempted on a registry key that has been marked for deletion." The same went for notepad when I tried to view the log file. Everything else I've tried to open is the same; nothing opens at all. However, when I right click any of these applications and "Run as Administrator," they seemingly open up just fine.

Unfortunately, there's no option to open up the control panel "as an administrator."

:(




ComboFix 10-01-04.01 - Duncan 05/01/2010 3:55.1.2 - x86
Running from: c:\users\Duncan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1889157169-104626387-3461231354-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-345137716-923818646-781242929-500
C:\data
c:\users\Duncan\AppData\Roaming\.#
c:\windows\run.log
c:\windows\system32\drivers\blbdrive.sys
c:\windows\system32\kbiwkmpoqhhriw.dat
c:\windows\system32\kbiwkmsespwjdn.dat

Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmqkkmtaqb
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_kbiwkmqkkmtaqb


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 08:04 . 2010-01-05 08:07 -------- d-----w- c:\users\Duncan\AppData\Local\temp
2010-01-05 08:04 . 2010-01-05 08:04 -------- d-----w- c:\users\Jonathan\AppData\Local\temp
2010-01-05 08:04 . 2010-01-05 08:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-05 08:04 . 2010-01-05 08:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-05 08:04 . 2010-01-05 08:04 -------- d-----w- c:\users\Cameron\AppData\Local\temp
2010-01-05 08:04 . 2010-01-05 08:04 -------- d-----w- c:\users\Admin Test\AppData\Local\temp
2010-01-05 07:38 . 2007-07-24 19:58 95616 ----a-w- c:\windows\junction.exe
2010-01-05 00:35 . 2010-01-05 00:35 -------- d-----w- c:\users\Duncan\Website Stuff
2010-01-04 23:53 . 2010-01-05 01:30 -------- d-----w- c:\users\Duncan\AppData\Roaming\FileZilla
2010-01-04 23:53 . 2010-01-04 23:53 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-03 10:16 . 2010-01-03 10:16 -------- d-----w- c:\users\Admin Test\AppData\Local\VirtualStore
2010-01-01 04:10 . 2010-01-01 04:10 -------- d-----w- c:\users\Duncan\AppData\Roaming\Malwarebytes
2010-01-01 04:10 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 04:10 . 2010-01-01 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 04:10 . 2010-01-01 04:10 -------- d-----w- c:\programdata\Malwarebytes
2010-01-01 04:10 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 04:08 . 2010-01-05 07:52 -------- d-----w- c:\users\Duncan\Bleeping Computer Stuff
2009-12-29 23:13 . 2009-12-29 23:13 -------- d-----w- c:\program files\Trend Micro
2009-12-29 09:34 . 2009-12-29 09:34 -------- d-----w- c:\users\Duncan\AppData\Local\CCP
2009-12-29 09:17 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-12-29 05:11 . 2009-12-29 05:11 -------- d-----w- c:\programdata\CCP
2009-12-29 05:11 . 2009-12-29 05:11 -------- d-----w- c:\program files\CCP
2009-12-21 02:19 . 2010-01-04 23:52 -------- d-----w- c:\users\Duncan\MultiGet-1.1.2-windows

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 08:09 . 2007-10-31 23:16 -------- d-----w- c:\program files\Steam
2010-01-05 07:50 . 2009-09-14 19:11 -------- d-----w- c:\programdata\avg8
2010-01-03 10:16 . 2009-12-17 04:04 89936 ----a-w- c:\users\Admin Test\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-03 10:15 . 2007-10-31 23:17 -------- d-----w- c:\program files\Common Files\Steam
2009-12-30 00:55 . 2008-10-28 01:22 -------- d-----w- c:\program files\Java
2009-12-29 23:48 . 2008-07-28 21:48 -------- d-----w- c:\users\Duncan\AppData\Roaming\Apple Computer
2009-12-29 09:41 . 2007-12-24 20:45 1356 ----a-w- c:\users\Duncan\AppData\Local\d3d9caps.dat
2009-12-29 09:40 . 2008-05-15 04:38 -------- d-----w- c:\program files\Diablo II
2009-12-21 20:34 . 2009-12-21 20:34 764168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-21 20:27 . 2010-01-04 16:29 2066200 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-12-17 09:15 . 2007-12-25 00:27 -------- d-----w- c:\users\Duncan\AppData\Roaming\Bioshock
2009-11-16 01:06 . 2009-11-16 01:06 -------- d-----w- c:\program files\Xvid
2009-11-15 17:37 . 2009-11-15 17:37 -------- d-----w- c:\users\Duncan\AppData\Roaming\acccore
2009-11-15 17:36 . 2009-11-15 17:36 -------- d-----w- c:\programdata\AIM
2009-11-15 17:36 . 2009-11-15 17:36 -------- d-----w- c:\program files\AIM
2009-11-15 17:36 . 2009-11-15 17:36 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-11-15 17:36 . 2007-12-08 00:05 -------- d-----w- c:\program files\Common Files\AOL
2009-11-12 02:56 . 2007-10-17 21:16 -------- d-----w- c:\program files\The Ur-Quan Masters
2009-11-09 02:47 . 2007-10-17 21:16 -------- d-----w- c:\users\Duncan\AppData\Roaming\uqm
2009-11-03 00:42 . 2009-10-03 13:49 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-11 08:17 . 2009-09-11 14:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-05-04 13:58 . 2009-10-23 17:21 19141 ----a-w- c:\program files\Readme.txt
2006-04-25 19:31 . 2009-10-23 17:21 7247360 ----a-w- c:\program files\Oblivion.exe
2006-04-06 14:25 . 2009-10-23 17:21 1662976 ----a-w- c:\program files\OblivionLauncher.exe
2006-02-24 13:14 . 2009-10-23 17:21 12766 ----a-w- c:\program files\Oblivion_default.ini
2005-09-16 10:03 . 2009-10-23 17:21 40960 ----a-w- c:\program files\atimgpud.dll
2005-09-09 19:08 . 2009-10-23 17:21 7778564 ----a-w- c:\program files\LauncherMusic.wav
2005-01-08 21:53 . 2009-10-23 17:21 338944 ----a-w- c:\program files\binkw32.dll
2002-04-18 18:04 . 2009-10-23 17:21 395 ----a-w- c:\program files\Bethesda.TXT
2007-09-16 14:16 . 2007-09-16 14:16 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-01-03 1217808]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-15 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-21 2043160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rgadtm]
2009-09-08 16:38 23155 ----a-w- c:\windows\System32\rgadtm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-09-14 908056]
R4 Shasvctlp;Shasvctlp;c:\windows\system32\drivers\NV_AGP.SYS [2006-11-02 106600]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-14 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-14 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-14 297752]
S2 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=c:\program files\MySQL\MySQL Server 5.0\my.ini MySQL5 [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail.northernelectric.ca/horde/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Duncan\AppData\Roaming\Mozilla\Firefox\Profiles\btccxuwo.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.northernelectric.ca/horde/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

AddRemove-Oblivion mod manager_is1 - c:\program files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe
AddRemove-SaddleBag - c:\program files\Bethesda Softworks\Oblivion\Data\SaddleBag Uninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 04:09
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL5"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1889157169-104626387-3461231354-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,dd,ea,28,2d,65,99,ca,ed,53,3d,34,7a,fc,a7,8c,97,90,7f,5d,1b,f8,32,
98,07,ec,25,43,28,a1,81,e1,d5,f8,0f,00,1f,2a,a7,fb,94,e4,6b,65,f2,89,72,47,\
"??"=hex:30,77,49,25,76,46,6a,bc,cf,e9,1c,c3,2c,1f,78,84

[HKEY_USERS\S-1-5-21-1889157169-104626387-3461231354-1000\Software\SecuROM\License information*]
"datasecu"=hex:18,0d,ec,b4,04,f4,80,b5,96,d8,fd,82,c7,8c,de,c5,cd,52,b5,ce,da,
78,41,f7,95,cf,36,ea,77,10,86,0d,d4,17,1f,51,8f,89,ac,df,f0,8c,ff,1d,08,d4,\
"rkeysecu"=hex:29,51,72,6e,ce,65,6d,19,3a,19,a9,9f,3e,88,26,0d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Apache Group\Apache2\bin\Apache.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2010-01-05 04:17:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 08:17

Pre-Run: 22,319,673,344 bytes free
Post-Run: 23,485,784,064 bytes free

- - End Of File - - 4D1ED5D6144AF2A0A8C41C23B602CDF3

#12 Buckeye_Sam

Posted 05 January 2010 - 10:25 AM

You did just fine. Sometimes Combofix detects the antivirus as still running, even when it's not.

We need to reset the permissions altered by the malware on some files.
  • Download this tool and save it to the desktop: http://download.bleepingcomputer.com/sUBs/...xes/Inherit.exe
  • Go to Start => Run => Copy and paste the first line of the following lines in the run box and click OK:


    "%userprofile%\desktop\inherit" "C:\Windows\notepad.exe"

    "%userprofile%\desktop\inherit" "C:\Windows\System32\notepad.exe"

  • If you get a security warning select Run.
  • You will get a "Finish" popup. Click OK.
  • Do the same for the rest of the lines until you have run all the above commands one by one.


Now try this command again.

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A log should open up.
Please copy and paste that log back here in your next reply.

========================================================
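A read-only way to see the file-permission state that the Inherit.exe step above is meant to repair, as an added example that is not part of the thread and not code from any tool mentioned in it. `Get-AclTriage` is a hypothetical helper name, the three paths are the ones named in posts #5 and #12, and the assumption is that altered permissions show up as blocked inheritance, explicit Deny entries, or an ACL that cannot be read at all.

```powershell
# Added example: report the ACL state of files that refuse to open.
# Read-only: nothing here changes permissions. Written to also work on PowerShell 2.0.

# Paths taken from this thread (posts #5 and #12); edit for other files.
$paths = @(
    'C:\Windows\notepad.exe',
    'C:\Windows\System32\notepad.exe',
    'C:\Windows\System32\mrt.exe'
)

function Get-AclTriage {
    # Hypothetical helper: returns one report object per file.
    param([Parameter(Mandatory = $true)][string]$Path)

    $result = @{
        Path               = $Path
        Exists             = $false
        CanRead            = $false
        InheritanceBlocked = $null
        Owner              = $null
        DenyEntries        = @()
        Error              = $null
    }

    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        $result.Error = 'file not found (or not visible to this account)'
        return New-Object PSObject -Property $result
    }
    $result.Exists = $true

    # 1. Read the security descriptor. If even this fails, the ACL itself
    #    is locked down for the current account.
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
        $result.Owner = $acl.Owner
        # True means the file no longer inherits permissions from its folder.
        $result.InheritanceBlocked = $acl.AreAccessRulesProtected
        # Explicit Deny entries override any Allow entry for the same principal.
        $result.DenyEntries = @($acl.Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.FileSystemRights })
    } catch {
        $result.Error = "cannot read ACL: $($_.Exception.Message)"
    }

    # 2. Independently test whether this account can actually open the file
    #    for reading, which is what launching it requires first.
    try {
        $stream = [System.IO.File]::Open(
            $Path,
            [System.IO.FileMode]::Open,
            [System.IO.FileAccess]::Read,
            [System.IO.FileShare]::ReadWrite)
        $stream.Close()
        $result.CanRead = $true
    } catch {
        if (-not $result.Error) {
            $result.Error = "cannot open for read: $($_.Exception.Message)"
        }
    }

    New-Object PSObject -Property $result
}

$paths |
    ForEach-Object { Get-AclTriage -Path $_ } |
    Select-Object Path, Exists, CanRead, InheritanceBlocked, Owner, DenyEntries, Error |
    Format-List
```

Running it once from a normal prompt and once from an elevated prompt, before and after the permission reset, shows whether the difference between "does not open" and "opens as Administrator" comes from the file ACLs.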

#13 DuncanR

Posted 05 January 2010 - 01:56 PM

I ran Inherit both times with no visible problems, but Junction still just blinks a console window open and closed. I can't find any logs affiliated with it.

Also, the whole "deleted registry key" hasn't occurred since I last restarted the computer. I can open programs much more reliably now, but still cannot access the control panels.

#14 Buckeye_Sam

Posted 05 January 2010 - 08:51 PM

Run this command.

cmd /c junction -s c:\ >log.txt

Now check to see if a log was created at C:\log.txt
If so, please post that log.


Also type in this command and let me know what happens.

notepad

========================================================

#15 DuncanR

Posted 06 January 2010 - 04:09 AM

I double checked to ensure the Junction.exe was located in C and ran it using the command, and got the same result as before; it blinks a console window (I can sometimes see text in the window, but it goes by way too fast to screen-cap... let alone read). The only files currently in the C drive folder are as follows:

"BOOTSECT.BAK"
"ComboFix"
"RHDSetup"
"RootRepeal report 12-29-09 (21-40-57)"

Also, when I entered "notepad" into the run window it opened an empty notepad file.


Wait a minute...

Okay. I ran Junction again, and tried to hit the screencap key just as it started up. I was almost expecting something sinister, but it just looks sort of routine.

Posted Image



