Benny23
2009-08-31, 13:16
Hi there,
I recently noticed that my browsers (both IE and Firefox) had been hijacked so I attempted to run Spybot and received an error - "Windows cannot access the specified device, path or file. You may not have appropriate permissions to access the item."
I then tried to run Malwarebytes Anti-Malware and Hijackthis and both gave the same error. However I was able to run Win32Diag.exe and have included the log file below.
I've also tried to run system restore a couple of times but even though the restore points exist, i keep getting a message about no changes having been made so the restore points cannot be applied.
Thanks in advance for your help,
Ben
---------------------
Win32kDiag.txt log file
---------------------
Log file is located at: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB873339\KB873339
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB885836\KB885836
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB888302\KB888302
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB890859\KB890859
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB893756\KB893756
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB896428\KB896428
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB899587\KB899587
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB899591\KB899591
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB900725\KB900725
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB901017\KB901017
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB902400\KB902400
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB905749\KB905749
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22B.tmp\ZAP22B.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP30A.tmp\ZAP30A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP332.tmp\ZAP332.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\Professional_32_041b\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\Professional_32_041b\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\Professional_32_0424\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\Professional_32_0424\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\843953281f8497f8e20b19c4e3fe3e01\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\ee626d72680ff2619246a1cf5516f892\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2437056968-1327776422-2734631917-500\S-1-5-21-2437056968-1327776422-2734631917-500
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D28BEC46-EF94-4C0B-B06D-3587843810D2}\{D28BEC46-EF94-4C0B-B06D-3587843810D2}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView\SampleView
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\HelpCtr\HelpCtr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Portable Devices\Portable Devices
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\PDFC\PDFC
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 18:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 05:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 05:41:54 62464 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 05:41:54 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\phpED\config\config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\PDFC\PDFC
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\slu41cf.tmp\slu41cf.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\slu77bf.tmp\slu77bf.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Finished!
I recently noticed that my browsers (both IE and Firefox) had been hijacked so I attempted to run Spybot and received an error - "Windows cannot access the specified device, path or file. You may not have appropriate permissions to access the item."
I then tried to run Malwarebytes Anti-Malware and Hijackthis and both gave the same error. However I was able to run Win32Diag.exe and have included the log file below.
I've also tried to run system restore a couple of times but even though the restore points exist, i keep getting a message about no changes having been made so the restore points cannot be applied.
Thanks in advance for your help,
Ben
---------------------
Win32kDiag.txt log file
---------------------
Log file is located at: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB873339\KB873339
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB885836\KB885836
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB888302\KB888302
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB890859\KB890859
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB893756\KB893756
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB896428\KB896428
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB899587\KB899587
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB899591\KB899591
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB900725\KB900725
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB901017\KB901017
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB902400\KB902400
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB905749\KB905749
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22B.tmp\ZAP22B.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP30A.tmp\ZAP30A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP332.tmp\ZAP332.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\Professional_32_041b\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\Professional_32_041b\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\Professional_32_0424\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\Professional_32_0424\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\843953281f8497f8e20b19c4e3fe3e01\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\ee626d72680ff2619246a1cf5516f892\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1025\1025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1028\1028
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1031\1031
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1037\1037
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1041\1041
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1042\1042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\1054\1054
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\2052\2052
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3076\3076
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2437056968-1327776422-2734631917-500\S-1-5-21-2437056968-1327776422-2734631917-500
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D28BEC46-EF94-4C0B-B06D-3587843810D2}\{D28BEC46-EF94-4C0B-B06D-3587843810D2}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView\SampleView
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\HelpCtr\HelpCtr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Portable Devices\Portable Devices
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\PDFC\PDFC
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 18:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 05:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 05:41:54 62464 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 05:41:54 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\system32\export\export
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\Microsoft\Crypto\RSA\MachineKeys\MachineKeys
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\oobe\sample\sample
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\phpED\config\config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\wins\wins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\system32\xircom\xircom
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\PDFC\PDFC
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\slu41cf.tmp\slu41cf.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\slu77bf.tmp\slu77bf.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Finished!