View Full Version : Hijack this, Ad-aware, Malwarebytes, AVG ineffective.
They install and run, but "crash" when I try to run a scan. Even in safe mode.
Symptoms: PC slowdown, Firefox crashing every time I try to start it, even in safe mode, porn shortcuts on desktop, random IE popups.
Also, after running malware removal programs once, I seem to be unable to run them again without reinstalling.
Hi bfett81
Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
Hi bfett81
Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
Thanks, Shaba. In the interest of perhaps saving you time I should tell you I believe I fixed my problem last night. However, I did run a scan as you instructed, just to be sure. This is what I got.
Running from: C:\Users\bfett81\Desktop\Win32kDiag.exe
Log file at : C:\Users\bfett81\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Found mount point : C:\Windows\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace
Mount point destination : \Device\__max++>\^
Cannot access: C:\Windows\CSC\v2.0.6\pq
ERROR OCCURRED!
------------------------------
Windows Version: Windows Vista SP0
Exception Code: 0xc0000005
Exception Address: 0x00402415
Attempt to write to address: 0x00000000
You are not completely clean :)
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r
You are not completely clean :)
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r
Well, that is good and bad news I suppose...thank you.
Here is the log.
Running from: C:\Users\bfett81\Desktop\win32kdiag.exe
Log file at : C:\Users\bfett81\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Found mount point : C:\Windows\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\AppPatch\Custom\Custom
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp
Found mount point : C:\Windows\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\temp\temp
Found mount point : C:\Windows\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\tmp\tmp
Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\CSC\v2.0.6\namespace\namespace
Cannot access: C:\Windows\CSC\v2.0.6\pq
Attempting to restore permissions of : C:\Windows\CSC\v2.0.6\pq
Cannot access: C:\Windows\CSC\v2.0.6\temp\ea-{3571fd10-6762-11de-98a2-bcc32f1718d1}
Attempting to restore permissions of : C:\Windows\CSC\v2.0.6\temp\ea-{3571fd10-6762-11de-98a2-bcc32f1718d1}
Found mount point : C:\Windows\DigitalLocker\de-DE\de-DE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\DigitalLocker\de-DE\de-DE
Found mount point : C:\Windows\DigitalLocker\en-US\en-US
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\DigitalLocker\en-US\en-US
Found mount point : C:\Windows\DigitalLocker\es-ES\es-ES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\DigitalLocker\es-ES\es-ES
Found mount point : C:\Windows\DigitalLocker\fr-FR\fr-FR
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\DigitalLocker\fr-FR\fr-FR
Found mount point : C:\Windows\DigitalLocker\it-IT\it-IT
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\DigitalLocker\it-IT\it-IT
Found mount point : C:\Windows\DigitalLocker\ja-JP\ja-JP
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\DigitalLocker\ja-JP\ja-JP
Found mount point : C:\Windows\DigitalLocker\nl-NL\nl-NL
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\DigitalLocker\nl-NL\nl-NL
Found mount point : C:\Windows\ehome\CreateDisc\style\style
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ehome\CreateDisc\style\style
Found mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed
Found mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed
Found mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed
Found mount point : C:\Windows\Help\Corporate\Corporate
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Help\Corporate\Corporate
Found mount point : C:\Windows\Help\OEM\OEM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Help\OEM\OEM
Found mount point : C:\Windows\inf\PNRPSvc\0000\0000
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0000\0000
Found mount point : C:\Windows\inf\PNRPSvc\0401\0401
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0401\0401
Found mount point : C:\Windows\inf\PNRPSvc\0404\0404
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0404\0404
Found mount point : C:\Windows\inf\PNRPSvc\0405\0405
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0405\0405
Found mount point : C:\Windows\inf\PNRPSvc\0407\0407
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0407\0407
Found mount point : C:\Windows\inf\PNRPSvc\0408\0408
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0408\0408
Found mount point : C:\Windows\inf\PNRPSvc\0409\0409
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0409\0409
Found mount point : C:\Windows\inf\PNRPSvc\040B\040B
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\040B\040B
Found mount point : C:\Windows\inf\PNRPSvc\040C\040C
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\040C\040C
Found mount point : C:\Windows\inf\PNRPSvc\040D\040D
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\040D\040D
Found mount point : C:\Windows\inf\PNRPSvc\0410\0410
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0410\0410
Found mount point : C:\Windows\inf\PNRPSvc\0411\0411
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0411\0411
Found mount point : C:\Windows\inf\PNRPSvc\0413\0413
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0413\0413
Found mount point : C:\Windows\inf\PNRPSvc\0414\0414
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0414\0414
Found mount point : C:\Windows\inf\PNRPSvc\0416\0416
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0416\0416
Found mount point : C:\Windows\inf\PNRPSvc\0419\0419
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0419\0419
Found mount point : C:\Windows\inf\PNRPSvc\041F\041F
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\041F\041F
Found mount point : C:\Windows\inf\PNRPSvc\0C0A\0C0A
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0C0A\0C0A
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\9.1.0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\9.1.0
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\EEB0EBA6275D8EF44B43E9272A9834B1\EEB0EBA6275D8EF44B43E9272A9834B1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\EEB0EBA6275D8EF44B43E9272A9834B1\EEB0EBA6275D8EF44B43E9272A9834B1
Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\LiveKernelReports\LiveKernelReports
Found mount point : C:\Windows\Logs\SystemRestore\SystemRestore
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Logs\SystemRestore\SystemRestore
Found mount point : C:\Windows\Microsoft.NET\authman\authman
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Microsoft.NET\authman\authman
Found mount point : C:\Windows\ModemLogs\ModemLogs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ModemLogs\ModemLogs
Found mount point : C:\Windows\Panther\setup.exe\setup.exe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Panther\setup.exe\setup.exe
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Found mount point : C:\Windows\PLA\Templates\Templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PLA\Templates\Templates
Found mount point : C:\Windows\registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\registration\CRMLog\CRMLog
Found mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps
Found mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops
Found mount point : C:\Windows\SchCache\SchCache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SchCache\SchCache
Found mount point : C:\Windows\security\audit\audit
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\security\audit\audit
Found mount point : C:\Windows\security\logs\logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\security\logs\logs
Found mount point : C:\Windows\security\templates\templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\security\templates\templates
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Caches\Caches
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Caches\Caches
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop
Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents
Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads
Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites
Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links
Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music
Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures
Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games
Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\Icon Files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\Icon Files
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos
Found mount point : C:\Windows\servicing\SQM\SQM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\servicing\SQM\SQM
Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a
Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7
Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache
Found mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler
Found mount point : C:\Windows\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Sun\Java\Deployment\Deployment
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Found mount point : C:\Windows\Temp\MPInstrumentation\MPInstrumentation
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Temp\MPInstrumentation\MPInstrumentation
Found mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Found mount point : C:\Windows\Temp\SDIAG_3f2315c0-7bd2-419a-922e-6465a0d8adbe\en-US\en-US
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Temp\SDIAG_3f2315c0-7bd2-419a-922e-6465a0d8adbe\en-US\en-US
Found mount point : C:\Windows\Temp\SDIAG_3f2315c0-7bd2-419a-922e-6465a0d8adbe\result\result
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Temp\SDIAG_3f2315c0-7bd2-419a-922e-6465a0d8adbe\result\result
Found mount point : C:\Windows\Vss\Writers\Application\Application
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Vss\Writers\Application\Application
Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\InstallTemp\InstallTemp
Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames
Found mount point : C:\Windows\winsxs\x86_aspnet_regsql_b03f5f7f11d50a3a_6.1.7100.0_none_cc434bcb24874f3d\x86_aspnet_regsql_b03f5f7f11d50a3a_6.1.7100.0_none_cc434bcb24874f3d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_aspnet_regsql_b03f5f7f11d50a3a_6.1.7100.0_none_cc434bcb24874f3d\x86_aspnet_regsql_b03f5f7f11d50a3a_6.1.7100.0_none_cc434bcb24874f3d
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-a..ce-useractionrecord_31bf3856ad364e35_6.1.7100.0_none_a3e152fa48fabb4d\x86_microsoft-windows-a..ce-useractionrecord_31bf3856ad364e35_6.1.7100.0_none_a3e152fa48fabb4d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-a..ce-useractionrecord_31bf3856ad364e35_6.1.7100.0_none_a3e152fa48fabb4d\x86_microsoft-windows-a..ce-useractionrecord_31bf3856ad364e35_6.1.7100.0_none_a3e152fa48fabb4d
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7100.0_none_89b573f9dcda4711\x86_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7100.0_none_89b573f9dcda4711
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7100.0_none_89b573f9dcda4711\x86_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7100.0_none_89b573f9dcda4711
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-bcdboot-cmdlinetool_31bf3856ad364e35_6.1.7100.0_none_d248dcf6933a37d7\x86_microsoft-windows-bcdboot-cmdlinetool_31bf3856ad364e35_6.1.7100.0_none_d248dcf6933a37d7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-bcdboot-cmdlinetool_31bf3856ad364e35_6.1.7100.0_none_d248dcf6933a37d7\x86_microsoft-windows-bcdboot-cmdlinetool_31bf3856ad364e35_6.1.7100.0_none_d248dcf6933a37d7
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-control_31bf3856ad364e35_6.1.7100.0_none_0a5ef19eff93a5b6\x86_microsoft-windows-control_31bf3856ad364e35_6.1.7100.0_none_0a5ef19eff93a5b6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-control_31bf3856ad364e35_6.1.7100.0_none_0a5ef19eff93a5b6\x86_microsoft-windows-control_31bf3856ad364e35_6.1.7100.0_none_0a5ef19eff93a5b6
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-diantz_31bf3856ad364e35_6.1.7100.0_none_17b90ccd17b75dcb\x86_microsoft-windows-diantz_31bf3856ad364e35_6.1.7100.0_none_17b90ccd17b75dcb
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-diantz_31bf3856ad364e35_6.1.7100.0_none_17b90ccd17b75dcb\x86_microsoft-windows-diantz_31bf3856ad364e35_6.1.7100.0_none_17b90ccd17b75dcb
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7100.0_none_0715c3d6ea1f7125\x86_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7100.0_none_0715c3d6ea1f7125
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7100.0_none_0715c3d6ea1f7125\x86_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7100.0_none_0715c3d6ea1f7125
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_6.1.7100.0_none_4a7ee55f1a56f276\x86_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_6.1.7100.0_none_4a7ee55f1a56f276
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_6.1.7100.0_none_4a7ee55f1a56f276\x86_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_6.1.7100.0_none_4a7ee55f1a56f276
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7100.0_none_c63810218fe39556\x86_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7100.0_none_c63810218fe39556
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7100.0_none_c63810218fe39556\x86_microsoft-windows-e..e-managed-regmceapp_31bf3856ad364e35_6.1.7100.0_none_c63810218fe39556
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7100.0_none_6767c063dcac4d4a\x86_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7100.0_none_6767c063dcac4d4a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7100.0_none_6767c063dcac4d4a\x86_microsoft-windows-efs-ui_31bf3856ad364e35_6.1.7100.0_none_6767c063dcac4d4a
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcxtask_31bf3856ad364e35_6.1.7100.0_none_cbba2168d86b5e67\x86_microsoft-windows-ehome-devices-mcxtask_31bf3856ad364e35_6.1.7100.0_none_cbba2168d86b5e67
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcxtask_31bf3856ad364e35_6.1.7100.0_none_cbba2168d86b5e67\x86_microsoft-windows-ehome-devices-mcxtask_31bf3856ad364e35_6.1.7100.0_none_cbba2168d86b5e67
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-ehome-wtvconverter_31bf3856ad364e35_6.1.7100.0_none_bd445186f10de9fb\x86_microsoft-windows-ehome-wtvconverter_31bf3856ad364e35_6.1.7100.0_none_bd445186f10de9fb
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-ehome-wtvconverter_31bf3856ad364e35_6.1.7100.0_none_bd445186f10de9fb\x86_microsoft-windows-ehome-wtvconverter_31bf3856ad364e35_6.1.7100.0_none_bd445186f10de9fb
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-ftp_31bf3856ad364e35_6.1.7100.0_none_1dde5651ad9fceff\x86_microsoft-windows-ftp_31bf3856ad364e35_6.1.7100.0_none_1dde5651ad9fceff
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-ftp_31bf3856ad364e35_6.1.7100.0_none_1dde5651ad9fceff\x86_microsoft-windows-ftp_31bf3856ad364e35_6.1.7100.0_none_1dde5651ad9fceff
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-icacls_31bf3856ad364e35_6.1.7100.0_none_a3a79771fb1002a4\x86_microsoft-windows-icacls_31bf3856ad364e35_6.1.7100.0_none_a3a79771fb1002a4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-icacls_31bf3856ad364e35_6.1.7100.0_none_a3a79771fb1002a4\x86_microsoft-windows-icacls_31bf3856ad364e35_6.1.7100.0_none_a3a79771fb1002a4
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.7100.0_none_e58756fec17a786c\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.7100.0_none_e58756fec17a786c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.7100.0_none_e58756fec17a786c\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.7100.0_none_e58756fec17a786c
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.7100.0_none_74c940dc49bf470d\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.7100.0_none_74c940dc49bf470d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.7100.0_none_74c940dc49bf470d\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.7100.0_none_74c940dc49bf470d
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7100.0_none_470cfd49cf481a3e\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7100.0_none_470cfd49cf481a3e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7100.0_none_470cfd49cf481a3e\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7100.0_none_470cfd49cf481a3e
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_6.1.7100.0_none_b542dfbf92ccdd76\x86_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_6.1.7100.0_none_b542dfbf92ccdd76
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_6.1.7100.0_none_b542dfbf92ccdd76\x86_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_6.1.7100.0_none_b542dfbf92ccdd76
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_6.1.7100.0_none_147afd50fb1a10c2\x86_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_6.1.7100.0_none_147afd50fb1a10c2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_6.1.7100.0_none_147afd50fb1a10c2\x86_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_6.1.7100.0_none_147afd50fb1a10c2
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_6.1.7100.0_none_7e69d2de4733074b\x86_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_6.1.7100.0_none_7e69d2de4733074b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_6.1.7100.0_none_7e69d2de4733074b\x86_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_6.1.7100.0_none_7e69d2de4733074b
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-msconfig-exe_31bf3856ad364e35_6.1.7100.0_none_4b6d36e4f2d5e1da\x86_microsoft-windows-msconfig-exe_31bf3856ad364e35_6.1.7100.0_none_4b6d36e4f2d5e1da
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-msconfig-exe_31bf3856ad364e35_6.1.7100.0_none_4b6d36e4f2d5e1da\x86_microsoft-windows-msconfig-exe_31bf3856ad364e35_6.1.7100.0_none_4b6d36e4f2d5e1da
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-msdt_31bf3856ad364e35_6.1.7100.0_none_16755a54729c4ac7\x86_microsoft-windows-msdt_31bf3856ad364e35_6.1.7100.0_none_16755a54729c4ac7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-msdt_31bf3856ad364e35_6.1.7100.0_none_16755a54729c4ac7\x86_microsoft-windows-msdt_31bf3856ad364e35_6.1.7100.0_none_16755a54729c4ac7
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.1.7100.0_none_8aff949d09ee2631\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.1.7100.0_none_8aff949d09ee2631
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.1.7100.0_none_8aff949d09ee2631\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.1.7100.0_none_8aff949d09ee2631
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_6.1.7100.0_none_7a4eb098d5d4f5b1\x86_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_6.1.7100.0_none_7a4eb098d5d4f5b1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_6.1.7100.0_none_7a4eb098d5d4f5b1\x86_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_6.1.7100.0_none_7a4eb098d5d4f5b1
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7100.0_none_98b9f038e77af932\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7100.0_none_98b9f038e77af932
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7100.0_none_98b9f038e77af932\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7100.0_none_98b9f038e77af932
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-regini_31bf3856ad364e35_6.1.7100.0_none_7d4934d00ee6b4c7\x86_microsoft-windows-regini_31bf3856ad364e35_6.1.7100.0_none_7d4934d00ee6b4c7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-regini_31bf3856ad364e35_6.1.7100.0_none_7d4934d00ee6b4c7\x86_microsoft-windows-regini_31bf3856ad364e35_6.1.7100.0_none_7d4934d00ee6b4c7
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-regsvr32_31bf3856ad364e35_6.1.7100.0_none_e94a15b28499697b\x86_microsoft-windows-regsvr32_31bf3856ad364e35_6.1.7100.0_none_e94a15b28499697b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-regsvr32_31bf3856ad364e35_6.1.7100.0_none_e94a15b28499697b\x86_microsoft-windows-regsvr32_31bf3856ad364e35_6.1.7100.0_none_e94a15b28499697b
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_6.1.7100.0_none_683b8039395c3d2d\x86_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_6.1.7100.0_none_683b8039395c3d2d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_6.1.7100.0_none_683b8039395c3d2d\x86_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_6.1.7100.0_none_683b8039395c3d2d
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7100.0_none_cbc9a59157f00e77\x86_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7100.0_none_cbc9a59157f00e77
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7100.0_none_cbc9a59157f00e77\x86_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7100.0_none_cbc9a59157f00e77
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-secinit_31bf3856ad364e35_6.1.7100.0_none_f8aae8d922140a58\x86_microsoft-windows-secinit_31bf3856ad364e35_6.1.7100.0_none_f8aae8d922140a58
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-secinit_31bf3856ad364e35_6.1.7100.0_none_f8aae8d922140a58\x86_microsoft-windows-secinit_31bf3856ad364e35_6.1.7100.0_none_f8aae8d922140a58
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7100.0_none_895591437a97eb1e\x86_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7100.0_none_895591437a97eb1e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7100.0_none_895591437a97eb1e\x86_microsoft-windows-security-syskey_31bf3856ad364e35_6.1.7100.0_none_895591437a97eb1e
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-snmp-evntcmd_31bf3856ad364e35_6.1.7100.0_none_29f7c002591af3dd\x86_microsoft-windows-snmp-evntcmd_31bf3856ad364e35_6.1.7100.0_none_29f7c002591af3dd
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-snmp-evntcmd_31bf3856ad364e35_6.1.7100.0_none_29f7c002591af3dd\x86_microsoft-windows-snmp-evntcmd_31bf3856ad364e35_6.1.7100.0_none_29f7c002591af3dd
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-sstext3d_31bf3856ad364e35_6.1.7100.0_none_752bb0dfb4b2052b\x86_microsoft-windows-sstext3d_31bf3856ad364e35_6.1.7100.0_none_752bb0dfb4b2052b
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-sstext3d_31bf3856ad364e35_6.1.7100.0_none_752bb0dfb4b2052b\x86_microsoft-windows-sstext3d_31bf3856ad364e35_6.1.7100.0_none_752bb0dfb4b2052b
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_6.1.7100.0_none_9758331e32580ab9\x86_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_6.1.7100.0_none_9758331e32580ab9
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_6.1.7100.0_none_9758331e32580ab9\x86_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_6.1.7100.0_none_9758331e32580ab9
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.1.7100.0_none_72c909046037fbfe\x86_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.1.7100.0_none_72c909046037fbfe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.1.7100.0_none_72c909046037fbfe\x86_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.1.7100.0_none_72c909046037fbfe
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-time-tool_31bf3856ad364e35_6.1.7100.0_none_5dfc13b791044b4f\x86_microsoft-windows-time-tool_31bf3856ad364e35_6.1.7100.0_none_5dfc13b791044b4f
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-time-tool_31bf3856ad364e35_6.1.7100.0_none_5dfc13b791044b4f\x86_microsoft-windows-time-tool_31bf3856ad364e35_6.1.7100.0_none_5dfc13b791044b4f
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-timeout_31bf3856ad364e35_6.1.7100.0_none_fd5765221b5a8296\x86_microsoft-windows-timeout_31bf3856ad364e35_6.1.7100.0_none_fd5765221b5a8296
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-timeout_31bf3856ad364e35_6.1.7100.0_none_fd5765221b5a8296\x86_microsoft-windows-timeout_31bf3856ad364e35_6.1.7100.0_none_fd5765221b5a8296
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-where_31bf3856ad364e35_6.1.7100.0_none_cec6318133406450\x86_microsoft-windows-where_31bf3856ad364e35_6.1.7100.0_none_cec6318133406450
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-where_31bf3856ad364e35_6.1.7100.0_none_cec6318133406450\x86_microsoft-windows-where_31bf3856ad364e35_6.1.7100.0_none_cec6318133406450
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-winhstb_31bf3856ad364e35_6.1.7100.0_none_99f906ba5e7ca31a\x86_microsoft-windows-winhstb_31bf3856ad364e35_6.1.7100.0_none_99f906ba5e7ca31a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-winhstb_31bf3856ad364e35_6.1.7100.0_none_99f906ba5e7ca31a\x86_microsoft-windows-winhstb_31bf3856ad364e35_6.1.7100.0_none_99f906ba5e7ca31a
Found mount point : C:\Windows\winsxs\x86_microsoft-windows-wmpnss-ux_31bf3856ad364e35_6.1.7100.0_none_28b7bb720e8c71c3\x86_microsoft-windows-wmpnss-ux_31bf3856ad364e35_6.1.7100.0_none_28b7bb720e8c71c3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\x86_microsoft-windows-wmpnss-ux_31bf3856ad364e35_6.1.7100.0_none_28b7bb720e8c71c3\x86_microsoft-windows-wmpnss-ux_31bf3856ad364e35_6.1.7100.0_none_28b7bb720e8c71c3
Finished!
Please now rerun win32kdiag.exe normally and post back fresh log :)
Please now rerun win32kdiag.exe normally and post back fresh log :)
Here you go:
Running from: C:\Users\bfett81\Desktop\Win32kDiag.exe
Log file at : C:\Users\bfett81\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Found mount point : C:\Windows\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\DigitalLocker\de-DE\de-DE
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\DigitalLocker\en-US\en-US
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\DigitalLocker\es-ES\es-ES
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\DigitalLocker\fr-FR\fr-FR
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\DigitalLocker\it-IT\it-IT
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\DigitalLocker\ja-JP\ja-JP
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\DigitalLocker\nl-NL\nl-NL
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ehome\CreateDisc\style\style
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0000\0000
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0401\0401
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0404\0404
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0405\0405
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0407\0407
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0408\0408
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0409\0409
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\040B\040B
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\040C\040C
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\040D\040D
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0410\0410
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0411\0411
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0413\0413
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0414\0414
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0416\0416
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0419\0419
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\041F\041F
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0C0A\0C0A
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Microsoft.NET\authman\authman
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PLA\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\servicing\SQM\SQM
Mount point destination : \Device\__max++>\^
Finished!
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
ComboFix apparently won't install on Windows 7?
I get the error "windows cannot find nircmdb.exe."
Yes not all tools are compatible with windows 7.
As it hasn't even released for great public, I am unable to provide assistance as I don't have tools to use, sorry.