
Search engine Redirection virus


  • This topic is locked
3 replies to this topic

#1 Moonj


Posted 02 September 2009 - 04:11 PM

This thread can be closed; I am currently receiving help on another forum elsewhere.


I am currently dealing with a virus that has redirected many of my online searches, and I needed a place to post a log. For full details, please read this forum, where I have previously posted details about the virus and its progression in a number of posts. I am currently getting most of my help from that forum and only needed the post here because they don't allow the posting of logs there, but any help that can be provided would be appreciated. This log is for post number 15 in that forum.

Log file is located at: C:\Documents and Settings\Jake\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\MSCORLIB\MSCORLIB

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System\System

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing\System.Drawing

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Windows.Forms\System.Windows.Forms

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Xml\System.Xml

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\CHSIME\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMJP8_1\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMKR6_1\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\IME\SHARED\RES\RES

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\INF\oem158.inf

[1] 2009-07-08 13:44:20 725 C:\WINDOWS\INF\oem158.inf ()



Cannot access: C:\WINDOWS\INF\oem158.PNF

[1] 2009-08-26 22:05:42 4216 C:\WINDOWS\INF\oem158.PNF ()



Cannot access: C:\WINDOWS\INF\oem159.inf

[1] 2009-07-08 13:44:20 725 C:\WINDOWS\INF\oem159.inf ()



Cannot access: C:\WINDOWS\INF\oem159.PNF

[1] 2009-08-26 22:10:54 4208 C:\WINDOWS\INF\oem159.PNF ()



Cannot access: C:\WINDOWS\INF\oem160.inf

[1] 2009-07-08 13:44:20 725 C:\WINDOWS\INF\oem160.inf ()



Cannot access: C:\WINDOWS\INF\oem160.PNF

[1] 2009-08-26 22:10:55 4208 C:\WINDOWS\INF\oem160.PNF ()



Cannot access: C:\WINDOWS\INF\oem161.inf

[1] 2009-07-08 13:44:20 725 C:\WINDOWS\INF\oem161.inf ()



Cannot access: C:\WINDOWS\INF\oem161.PNF

[1] 2009-08-26 22:10:55 4208 C:\WINDOWS\INF\oem161.PNF ()



Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\JAVA\CLASSES\CLASSES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\KB892130.log

[1] 2009-08-26 21:53:21 18091 C:\WINDOWS\KB892130.log ()



Cannot access: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.new

[1] 2009-08-26 22:13:06 21792 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.new ()



Cannot access: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.new

[1] 2009-08-26 22:13:05 39093 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.new ()



Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\MUI\MUI

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\WUSB54Gv4.exe.20070412-174834-00.hdmp

[1] 2007-04-12 10:48:35 0 C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\WUSB54Gv4.exe.20070412-174834-00.hdmp ()



Cannot access: C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\WUSB54Gv4.exe.20080312-053142-00.hdmp

[1] 2008-03-11 22:31:54 34819 C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\WUSB54Gv4.exe.20080312-053142-00.hdmp ()



Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe

[1] 2006-02-28 05:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:22 744448 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe ()

[1] 2008-04-14 06:42:22 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\PCHEALTH\HELPCTR\Logs\helpctr.log

[1] 2009-08-26 22:26:26 1174 C:\WINDOWS\PCHEALTH\HELPCTR\Logs\helpctr.log ()



Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[1] 2005-01-17 23:27:55 831 C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup ()



Cannot access: C:\WINDOWS\pss\boot.ini.backup

[1] 2008-10-20 14:01:19 211 C:\WINDOWS\pss\boot.ini.backup ()



Cannot access: C:\WINDOWS\pss\system.ini.backup

[1] 2008-10-20 13:53:33 265 C:\WINDOWS\pss\system.ini.backup ()



Cannot access: C:\WINDOWS\pss\win.ini.backup

[1] 2008-10-20 14:04:01 681 C:\WINDOWS\pss\win.ini.backup ()



Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\setupapi.log

[1] 2009-09-02 11:12:55 393155 C:\WINDOWS\setupapi.log ()



Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\S-1-5-18

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab

[1] 2009-08-26 13:29:53 22206 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab ()

[1] 2009-08-26 21:52:12 22206 C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab ()



Cannot access: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cat

[1] 2008-10-16 14:24:36 45886 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cat ()

[1] 2008-10-16 14:24:36 45886 C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cat ()



Cannot access: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf

[1] 2008-10-16 14:15:40 13119 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf ()

[1] 2008-10-16 14:15:40 13119 C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf ()



Cannot access: C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab

[1] 2008-12-03 18:39:50 7582 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab ()

[1] 2009-08-26 21:52:11 7582 C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab ()



Cannot access: C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.txt

[1] 2008-10-16 20:11:14 1284 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.txt ()

[1] 2008-10-16 20:11:14 1284 C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.txt ()



Cannot access: C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab

[1] 2008-08-20 19:33:35 9668 C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab ()



Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\3COM_DMI\3COM_DMI

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\attrib.exe

[1] 2006-02-28 05:00:00 11264 C:\WINDOWS\$NtServicePackUninstall$\attrib.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:14 12288 C:\WINDOWS\ServicePackFiles\i386\attrib.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:14 12288 C:\WINDOWS\SYSTEM32\attrib.exe ()

[1] 2004-08-04 04:00:00 11264 C:\i386\ATTRIB.EXE (Microsoft Corporation)



Cannot access: C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB892130.cat

[1] 2008-03-20 18:06:52 9452 C:\WINDOWS\SoftwareDistribution\Download\a49d784415582d2f98c84ceb0a75d898\update\kb892130.cat ()

[1] 2008-03-20 18:06:52 9452 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB892130.cat ()



Cannot access: C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem158.CAT

[1] 2009-07-08 13:44:20 7486 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem158.CAT ()



Cannot access: C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem159.CAT

[1] 2009-07-08 13:44:20 7486 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem159.CAT ()



Cannot access: C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem160.CAT

[1] 2009-07-08 13:44:20 7486 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem160.CAT ()



Cannot access: C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem161.CAT

[1] 2009-07-08 13:44:20 7486 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem161.CAT ()



Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-524469682-3275191586-4257435615-1003\S-1-5-21-524469682-3275191586-4257435615-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-524469682-3275191586-4257435615-1003\S-1-5-21-524469682-3275191586-4257435615-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-524469682-3275191586-4257435615-1003\S-1-5-21-524469682-3275191586-4257435615-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Pictures\Jasc Paint Shop Photo Album Images\Jasc Paint Shop Photo Album Images

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My PSP8 Files\Workspaces\Workspaces

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\cscript.exe

[1] 2008-05-07 02:07:23 135168 C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe (Microsoft Corporation)

[1] 2006-02-28 05:00:00 98304 C:\WINDOWS\$NtServicePackUninstall$\cscript.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:16 139264 C:\WINDOWS\$NtUninstallKB951978$\cscript.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:16 139264 C:\WINDOWS\ServicePackFiles\i386\cscript.exe (Microsoft Corporation)

[1] 2008-05-07 02:07:23 135168 C:\WINDOWS\SYSTEM32\cscript.exe ()

[1] 2008-05-07 02:07:23 135168 C:\WINDOWS\SYSTEM32\DLLCACHE\cscript.exe (Microsoft Corporation)

[1] 2004-08-04 04:00:00 98304 C:\i386\CSCRIPT.EXE (Microsoft Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\DHCP\DHCP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\DRIVERS\DISDN\DISDN

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\eventlog.dll

[1] 2006-02-28 05:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 06:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 06:41:54 61952 C:\WINDOWS\SYSTEM32\eventlog.dll ()

[2] 2008-04-14 06:41:54 56320 C:\WINDOWS\SYSTEM32\logevent.dll (Microsoft Corporation)

[1] 2004-08-04 04:00:00 55808 C:\i386\EVENTLOG.DLL (Microsoft Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\EXPORT\EXPORT

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\findstr.exe

[1] 2006-02-28 05:00:00 27136 C:\WINDOWS\$NtServicePackUninstall$\findstr.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:22 27136 C:\WINDOWS\ServicePackFiles\i386\findstr.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:22 27136 C:\WINDOWS\SYSTEM32\findstr.exe ()

[1] 2004-08-04 04:00:00 27136 C:\i386\FINDSTR.EXE (Microsoft Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\INETSRV\INETSRV

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\MRT.exe

[1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\SYSTEM32\MRT.exe ()



Found mount point : C:\WINDOWS\SYSTEM32\MUI\DISPSPEC\DISPSPEC

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\ISPSGNUP\ISPSGNUP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMCUST\OEMCUST

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMHW\OEMHW

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMREG\OEMREG

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\SAMPLE\SAMPLE

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\ping.exe

[1] 2006-02-28 05:00:00 17920 C:\WINDOWS\$NtServicePackUninstall$\ping.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:32 17920 C:\WINDOWS\ServicePackFiles\i386\ping.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:32 17920 C:\WINDOWS\SYSTEM32\ping.exe ()

[1] 2004-08-04 04:00:00 17920 C:\i386\PING.EXE (Microsoft Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0009\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0012\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0015\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0016\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0017\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SYSTEM32\route.exe

[1] 2006-02-28 05:00:00 19968 C:\WINDOWS\SYSTEM32\DLLCACHE\route.exe (Microsoft Corporation)

[1] 2006-02-28 05:00:00 19968 C:\WINDOWS\SYSTEM32\route.exe ()

[1] 2004-08-04 04:00:00 19968 C:\i386\ROUTE.EXE (Microsoft Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\IA64\IA64

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32ALPHA\W32ALPHA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\WIN40\WIN40

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\x64\x64

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\WBEM\MOF\BAD\BAD

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\WBEM\SNMP\SNMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\WINS\WINS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SYSTEM32\XIRCOM\XIRCOM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Twain32\Twain32

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\50244\50244

Mount point destination : \Device\__max++>\^



Finished!

Edited by Moonj, 03 September 2009 - 01:37 PM.




#2 Moonj


Posted 02 September 2009 - 05:00 PM

Adding another log file, and this one is VERY long.


Log file is located at: C:\Documents and Settings\Jake\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\MSCORLIB\MSCORLIB

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\MSCORLIB\MSCORLIB

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System\System

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System\System

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing\System.Drawing

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing\System.Drawing

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Windows.Forms\System.Windows.Forms

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Windows.Forms\System.Windows.Forms

Found mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Xml\System.Xml

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\NativeImages1_v1.1.4322\System.Xml\System.Xml

Found mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ASSEMBLY\TMP\TMP

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Found mount point : C:\WINDOWS\IME\CHSIME\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\CHSIME\APPLETS\APPLETS

Found mount point : C:\WINDOWS\IME\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMEJP\APPLETS\APPLETS

Found mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMEJP98\IMEJP98

Found mount point : C:\WINDOWS\IME\IMJP8_1\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMJP8_1\APPLETS\APPLETS

Found mount point : C:\WINDOWS\IME\IMKR6_1\APPLETS\APPLETS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMKR6_1\APPLETS\APPLETS

Found mount point : C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\IMKR6_1\DICTS\DICTS

Found mount point : C:\WINDOWS\IME\SHARED\RES\RES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\IME\SHARED\RES\RES

Cannot access: C:\WINDOWS\INF\oem158.inf

Attempting to restore permissions of : C:\WINDOWS\INF\oem158.inf

[1] 2009-07-08 13:44:20 725 C:\WINDOWS\INF\oem158.inf ()



Cannot access: C:\WINDOWS\INF\oem158.PNF

Attempting to restore permissions of : C:\WINDOWS\INF\oem158.PNF

[1] 2009-08-26 22:05:42 4216 C:\WINDOWS\INF\oem158.PNF ()



Cannot access: C:\WINDOWS\INF\oem159.inf

Attempting to restore permissions of : C:\WINDOWS\INF\oem159.inf

[1] 2009-07-08 13:44:20 725 C:\WINDOWS\INF\oem159.inf ()



Cannot access: C:\WINDOWS\INF\oem159.PNF

Attempting to restore permissions of : C:\WINDOWS\INF\oem159.PNF

[1] 2009-08-26 22:10:54 4208 C:\WINDOWS\INF\oem159.PNF ()



Cannot access: C:\WINDOWS\INF\oem160.inf

Attempting to restore permissions of : C:\WINDOWS\INF\oem160.inf

[1] 2009-07-08 13:44:20 725 C:\WINDOWS\INF\oem160.inf ()



Cannot access: C:\WINDOWS\INF\oem160.PNF

Attempting to restore permissions of : C:\WINDOWS\INF\oem160.PNF

[1] 2009-08-26 22:10:55 4208 C:\WINDOWS\INF\oem160.PNF ()



Cannot access: C:\WINDOWS\INF\oem161.inf

Attempting to restore permissions of : C:\WINDOWS\INF\oem161.inf

[1] 2009-07-08 13:44:20 725 C:\WINDOWS\INF\oem161.inf ()



Cannot access: C:\WINDOWS\INF\oem161.PNF

Attempting to restore permissions of : C:\WINDOWS\INF\oem161.PNF

[1] 2009-08-26 22:10:55 4208 C:\WINDOWS\INF\oem161.PNF ()



Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\JAVA\CLASSES\CLASSES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\JAVA\CLASSES\CLASSES

Found mount point : C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\JAVA\TRUSTLIB\TRUSTLIB

Cannot access: C:\WINDOWS\KB892130.log

Attempting to restore permissions of : C:\WINDOWS\KB892130.log

[1] 2009-08-26 21:53:21 18091 C:\WINDOWS\KB892130.log ()



Cannot access: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.new

Attempting to restore permissions of : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.new

[1] 2009-08-26 22:13:06 21792 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config.cch.new ()



Cannot access: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.new

Attempting to restore permissions of : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.new

[1] 2009-08-26 22:13:05 39093 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.new ()



Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\MSAPPS\MSINFO\MSINFO

Found mount point : C:\WINDOWS\MUI\MUI

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\MUI\MUI

Cannot access: C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\WUSB54Gv4.exe.20070412-174834-00.hdmp

Attempting to restore permissions of : C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\WUSB54Gv4.exe.20070412-174834-00.hdmp

[1] 2007-04-12 10:48:35 0 C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\WUSB54Gv4.exe.20070412-174834-00.hdmp ()



Cannot access: C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\WUSB54Gv4.exe.20080312-053142-00.hdmp

Attempting to restore permissions of : C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\WUSB54Gv4.exe.20080312-053142-00.hdmp

[1] 2008-03-11 22:31:54 34819 C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\WUSB54Gv4.exe.20080312-053142-00.hdmp ()



Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH

Cannot access: C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe

[1] 2006-02-28 05:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:22 744448 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:22 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs

Cannot access: C:\WINDOWS\PCHEALTH\HELPCTR\Logs\helpctr.log

Attempting to restore permissions of : C:\WINDOWS\PCHEALTH\HELPCTR\Logs\helpctr.log

[1] 2009-08-26 22:26:26 1174 C:\WINDOWS\PCHEALTH\HELPCTR\Logs\helpctr.log ()



Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\News\News

Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp

Cannot access: C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

Attempting to restore permissions of : C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[1] 2005-01-17 23:27:55 831 C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup ()



Cannot access: C:\WINDOWS\pss\boot.ini.backup

Attempting to restore permissions of : C:\WINDOWS\pss\boot.ini.backup

[1] 2008-10-20 14:01:19 211 C:\WINDOWS\pss\boot.ini.backup ()



Cannot access: C:\WINDOWS\pss\system.ini.backup

Attempting to restore permissions of : C:\WINDOWS\pss\system.ini.backup

[1] 2008-10-20 13:53:33 265 C:\WINDOWS\pss\system.ini.backup ()



Cannot access: C:\WINDOWS\pss\win.ini.backup

Attempting to restore permissions of : C:\WINDOWS\pss\win.ini.backup

[1] 2008-10-20 14:04:01 681 C:\WINDOWS\pss\win.ini.backup ()



Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Cannot access: C:\WINDOWS\setupapi.log

Attempting to restore permissions of : C:\WINDOWS\setupapi.log

[1] 2009-09-02 11:12:55 393155 C:\WINDOWS\setupapi.log ()



Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\S-1-5-18

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\S-1-5-18

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Cannot access: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab

[1] 2009-08-26 13:29:53 22206 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab ()

[1] 2009-08-26 21:52:12 22206 C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab ()



Cannot access: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cat

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cat

[1] 2008-10-16 14:24:36 45886 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cat ()

[1] 2008-10-16 14:24:36 45886 C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cat ()



Cannot access: C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf

[1] 2008-10-16 14:15:40 13119 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf ()

[1] 2008-10-16 14:15:40 13119 C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf ()



Cannot access: C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab

[1] 2008-12-03 18:39:50 7582 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab ()

[1] 2009-08-26 21:52:11 7582 C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab ()



Cannot access: C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.txt

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.txt

[1] 2008-10-16 20:11:14 1284 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.txt ()

[1] 2008-10-16 20:11:14 1284 C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.txt ()



Cannot access: C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab

[1] 2008-08-20 19:33:35 9668 C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab ()



Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SYSTEM32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1025\1025

Found mount point : C:\WINDOWS\SYSTEM32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1028\1028

Found mount point : C:\WINDOWS\SYSTEM32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1031\1031

Found mount point : C:\WINDOWS\SYSTEM32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1037\1037

Found mount point : C:\WINDOWS\SYSTEM32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1041\1041

Found mount point : C:\WINDOWS\SYSTEM32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1042\1042

Found mount point : C:\WINDOWS\SYSTEM32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\1054\1054

Found mount point : C:\WINDOWS\SYSTEM32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\2052\2052

Found mount point : C:\WINDOWS\SYSTEM32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\3076\3076

Found mount point : C:\WINDOWS\SYSTEM32\3COM_DMI\3COM_DMI

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\3COM_DMI\3COM_DMI

Found mount point : C:\WINDOWS\SYSTEM32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\Adobe\update\update

Cannot access: C:\WINDOWS\SYSTEM32\attrib.exe

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\attrib.exe

[1] 2006-02-28 05:00:00 11264 C:\WINDOWS\$NtServicePackUninstall$\attrib.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:14 12288 C:\WINDOWS\ServicePackFiles\i386\attrib.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:14 12288 C:\WINDOWS\SYSTEM32\attrib.exe (Microsoft Corporation)

[1] 2004-08-04 04:00:00 11264 C:\i386\ATTRIB.EXE (Microsoft Corporation)



Cannot access: C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB892130.cat

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB892130.cat

[1] 2008-03-20 18:06:52 9452 C:\WINDOWS\SoftwareDistribution\Download\a49d784415582d2f98c84ceb0a75d898\update\kb892130.cat ()

[1] 2008-03-20 18:06:52 9452 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB892130.cat ()



Cannot access: C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem158.CAT

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem158.CAT

[1] 2009-07-08 13:44:20 7486 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem158.CAT ()



Cannot access: C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem159.CAT

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem159.CAT

[1] 2009-07-08 13:44:20 7486 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem159.CAT ()



Cannot access: C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem160.CAT

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem160.CAT

[1] 2009-07-08 13:44:20 7486 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem160.CAT ()



Cannot access: C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem161.CAT

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem161.CAT

[1] 2009-07-08 13:44:20 7486 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem161.CAT ()



Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Jasc Software Inc\Paint Shop Pro 8\Cache\Cache

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-524469682-3275191586-4257435615-1003\S-1-5-21-524469682-3275191586-4257435615-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-524469682-3275191586-4257435615-1003\S-1-5-21-524469682-3275191586-4257435615-1003

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-524469682-3275191586-4257435615-1003\S-1-5-21-524469682-3275191586-4257435615-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-524469682-3275191586-4257435615-1003\S-1-5-21-524469682-3275191586-4257435615-1003

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Sun\Java\Deployment\javaws\cache\cache

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Desktop\Desktop

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-524469682-3275191586-4257435615-1003\S-1-5-21-524469682-3275191586-4257435615-1003

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-524469682-3275191586-4257435615-1003\S-1-5-21-524469682-3275191586-4257435615-1003

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temp\Temp

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Pictures\Jasc Paint Shop Photo Album Images\Jasc Paint Shop Photo Album Images

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My Pictures\Jasc Paint Shop Photo Album Images\Jasc Paint Shop Photo Album Images

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My PSP8 Files\Workspaces\Workspaces

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\My Documents\My PSP8 Files\Workspaces\Workspaces

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\PrintHood\PrintHood

Cannot access: C:\WINDOWS\SYSTEM32\cscript.exe

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\cscript.exe

[1] 2008-05-07 02:07:23 135168 C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe (Microsoft Corporation)

[1] 2006-02-28 05:00:00 98304 C:\WINDOWS\$NtServicePackUninstall$\cscript.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:16 139264 C:\WINDOWS\$NtUninstallKB951978$\cscript.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:16 139264 C:\WINDOWS\ServicePackFiles\i386\cscript.exe (Microsoft Corporation)

[1] 2008-05-07 02:07:23 135168 C:\WINDOWS\SYSTEM32\cscript.exe (Microsoft Corporation)

[1] 2008-05-07 02:07:23 135168 C:\WINDOWS\SYSTEM32\DLLCACHE\cscript.exe (Microsoft Corporation)

[1] 2004-08-04 04:00:00 98304 C:\i386\CSCRIPT.EXE (Microsoft Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\DHCP\DHCP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\DHCP\DHCP

Found mount point : C:\WINDOWS\SYSTEM32\DRIVERS\DISDN\DISDN

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\DRIVERS\DISDN\DISDN

Cannot access: C:\WINDOWS\SYSTEM32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\eventlog.dll

[1] 2006-02-28 05:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 06:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 06:41:54 61952 C:\WINDOWS\SYSTEM32\eventlog.dll ()

[2] 2008-04-14 06:41:54 56320 C:\WINDOWS\SYSTEM32\logevent.dll (Microsoft Corporation)

[1] 2004-08-04 04:00:00 55808 C:\i386\EVENTLOG.DLL (Microsoft Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\EXPORT\EXPORT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\EXPORT\EXPORT

Cannot access: C:\WINDOWS\SYSTEM32\findstr.exe

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\findstr.exe

[1] 2006-02-28 05:00:00 27136 C:\WINDOWS\$NtServicePackUninstall$\findstr.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:22 27136 C:\WINDOWS\ServicePackFiles\i386\findstr.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:22 27136 C:\WINDOWS\SYSTEM32\findstr.exe (Microsoft Corporation)

[1] 2004-08-04 04:00:00 27136 C:\i386\FINDSTR.EXE (Microsoft Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\FxsTmp\FxsTmp

Found mount point : C:\WINDOWS\SYSTEM32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINDOWS\SYSTEM32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINDOWS\SYSTEM32\INETSRV\INETSRV

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\INETSRV\INETSRV

Found mount point : C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDF

Found mount point : C:\WINDOWS\SYSTEM32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys

Cannot access: C:\WINDOWS\SYSTEM32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\MRT.exe

[1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\MUI\DISPSPEC\DISPSPEC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\MUI\DISPSPEC\DISPSPEC

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\ISPSGNUP\ISPSGNUP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\ISPSGNUP\ISPSGNUP

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMCUST\OEMCUST

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMCUST\OEMCUST

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMHW\OEMHW

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMHW\OEMHW

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMREG\OEMREG

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\HTML\OEMREG\OEMREG

Found mount point : C:\WINDOWS\SYSTEM32\OOBE\SAMPLE\SAMPLE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\OOBE\SAMPLE\SAMPLE

Cannot access: C:\WINDOWS\SYSTEM32\ping.exe

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\ping.exe

[1] 2006-02-28 05:00:00 17920 C:\WINDOWS\$NtServicePackUninstall$\ping.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:32 17920 C:\WINDOWS\ServicePackFiles\i386\ping.exe (Microsoft Corporation)

[1] 2008-04-14 06:42:32 17920 C:\WINDOWS\SYSTEM32\ping.exe (Microsoft Corporation)

[1] 2004-08-04 04:00:00 17920 C:\i386\PING.EXE (Microsoft Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\DriverFiles

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\DriverFiles

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0009\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0009\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0012\DriverFiles\DriverFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0012\DriverFiles\DriverFiles

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0015\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0015\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0016\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0016\DriverFiles\i386\i386

Found mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0017\DriverFiles\i386\i386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ReinstallBackups\0017\DriverFiles\i386\i386

Cannot access: C:\WINDOWS\SYSTEM32\route.exe

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\route.exe

[1] 2006-02-28 05:00:00 19968 C:\WINDOWS\SYSTEM32\DLLCACHE\route.exe (Microsoft Corporation)

[1] 2006-02-28 05:00:00 19968 C:\WINDOWS\SYSTEM32\route.exe (Microsoft Corporation)

[1] 2004-08-04 04:00:00 19968 C:\i386\ROUTE.EXE (Microsoft Corporation)



Found mount point : C:\WINDOWS\SYSTEM32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\IA64\IA64

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\IA64\IA64

Found mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32ALPHA\W32ALPHA

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32ALPHA\W32ALPHA

Found mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\WIN40\WIN40

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\WIN40\WIN40

Found mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\x64\x64

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\x64\x64

Found mount point : C:\WINDOWS\SYSTEM32\WBEM\MOF\BAD\BAD

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\WBEM\MOF\BAD\BAD

Found mount point : C:\WINDOWS\SYSTEM32\WBEM\SNMP\SNMP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\WBEM\SNMP\SNMP

Found mount point : C:\WINDOWS\SYSTEM32\WINS\WINS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\WINS\WINS

Found mount point : C:\WINDOWS\SYSTEM32\XIRCOM\XIRCOM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SYSTEM32\XIRCOM\XIRCOM

Found mount point : C:\WINDOWS\Twain32\Twain32

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Twain32\Twain32

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\50244\50244

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\50244\50244



Finished!

#3 Moonj

Posted 03 September 2009 - 01:36 PM

This topic can be closed; I am currently receiving help from another forum elsewhere.

#4 Orange Blossom


Posted 04 September 2009 - 12:18 PM

Thank you for letting us know. This topic shall now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :(