Potential rootkit infection?

[kingnothing]

Hi all, I think I maybe infected with a rootkit. When I try to start programs I get "Acess denied" errors. I scanned my computer with AVG and it found a trojan and healed/removed it. I have tried to run malwarebytes anti-malware but after a few seconds of scanning it just disappears. So then I tried to run Hijackthis but again this just disappears afew seconds in to scanning. I have backed up my registry with erunt. I'm on a HP Laptop running Windows 7 RC. Any help would be greatly appreciated.

Thanks,

 

[Blade81]

Hi,

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says Error deleting file, please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

 

[kingnothing]

Hi and thanks for helping me with this. Unfortunately I am unable to start this program. I get an error stating that it is not a valid Win32 application.

 

[Blade81]

Hi,

While downloading the file, name it as iEXplore.exe and try running it after that.

See also if you're able to run GMER:

Download GMER here by clicking download exe -button and then saving it your desktop:

• Double-click .exe that you downloaded
• Click rootkit-tab and then scan.
• Don't check
  Show All
  box while scanning in progress!
• When scanning is ready, click Copy.
• This copies log to clipboard
• Post log in your reply.

 

[kingnothing]

I still couldn't get exehelper to run however GMER ran below is the log it created:

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-26 13:46:10
Windows 6.1.7100
Running: l2nrk1lf.exe; Driver: C:\Users\Tom\AppData\Local\Temp\pwloikow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C14634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C14898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13B1 8283B549 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8285B6B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !
.text peauth.sys 99735C9E 27 Bytes [F8, D1, AB, 16, 2E, B2, 59, ...]
.text peauth.sys 99735CC2 27 Bytes [F8, D1, AB, 16, 2E, B2, 59, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\winsvc32.exe[2664] USER32.dll!InvalidateRect + F 767357E0 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
.text C:\Windows\winsvc32.exe[2664] GDI32.dll!GetLayout + 1EC 765F74AC 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
.text C:\Windows\winsvc32.exe[2664] GDI32.dll!D3DKMTQueryAllocationResidency + 61 765FF956 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2992] USER32.dll!InvalidateRect + F 767357E0 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2992] GDI32.dll!GetLayout + 1EC 765F74AC 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2992] GDI32.dll!D3DKMTQueryAllocationResidency + 61 765FF956 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] kernel32.dll!SetUnhandledExceptionFilter 766930AA 5 Bytes JMP 6A8A5629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] GDI32.dll!GetLayout + 1EC 765F74AC 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] GDI32.dll!D3DKMTQueryAllocationResidency + 61 765FF956 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] USER32.dll!InvalidateRect + F 767357E0 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\435DB6B0.x86.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\winsvc32.exe[2664] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
IAT C:\Windows\winsvc32.exe[2664] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\435DB6B0.x86.dll
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F84A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F84A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F84A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F84A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74F84A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74F84A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4000] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [74F84A2D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\system32\wininit.exe [432] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [552] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [796] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [848] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [972] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1120] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1272] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\System32\spoolsv.exe [1460] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1488] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1612] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [1664] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1700] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\system32\lxcecoms.exe [1740] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgnsx.exe [2028] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\winsvc32.exe [2664] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [2992] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3292] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [3580] 0x35670000
Library \\?\globalroot\Device\__max++>\435DB6B0.x86.dll (*** hidden *** ) @ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [4000] 0x35670000

---- EOF - GMER 1.0.15 ----

 

[kingnothing]

I have to go out now but will be back in approximately 4 hours.

Thanks,

 

[Blade81]

Hi,


Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.

@ECHO OFF
DIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\Windows\cngaudit.dll >LogIt.txt
START LogIt.txt
DEL %0

Double-click on fixes.bat file to execute it. If all goes well, you should end up with LogIt.txt contents. Please post it back here.

 

[kingnothing]

I made he fixes.bat file as per your instructions and when I double clicked on it nothing happened. I then tried to run it again and got an error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

 

[Blade81]

Hi,

Download this file. Copy it to your c:\windows\system32 folder. Drag'n'drop cmd.exe file there to this file you copied. Attempt the batch again.

 

[kingnothing]

It will not run, again it says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

 

[Blade81]

Hi,

Show hidden files
-----------------
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.

Please upload following files to VirusTotal if you can find them and post back links to the results:
c:\windows\system32\halmacpi.dll
C:\Windows\system32\apphelp.dll


Delete this file:
C:\Windows\winsvc32.exe

 

[kingnothing]

Hi,

results for c:\windows\system32\halmacpi.dll


results for C:\Windows\system32\apphelp.dll


I tried to delete the file C:\Windows\winsvc32.exe and got the following message:

The action can't be completed because the file is open in another program.

Close the file and try again.

winsvc32
File description: Bitlocker Drive Encryption Servicing Utility

Company: Microsoft Corporation
File version:6.0.6000.16386
Date created: 22/06/2009 13:39
Size: 1104KB

 

[Blade81]

Hi,

Turn off UAC:
1. Click or right click on Flag icon in notification area (system tray), and then Open Action Center.
2. Click on User Account Control settings link.
3. Slide the slider bar to the lowest value (towards Never Notify), with description showing Never notify me.
4. Click OK to make the change effective.
5. Restart the computer to turn off User Access Control.

Please download a fresh copy of Win32kdiag to your desktop. Right click the file and select "run as administrator". See if it works that way.

 

[kingnothing]

Ok I got Win32kdiag to run, below is the log file it created:

Log file is located at: C:\Users\Tom\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\DigitalLocker\en-US\en-US

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\inf\PNRPSvc\0000\0000

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\inf\PNRPSvc\0409\0409

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\audit\audit

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\Icon Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\servicing\SQM\SQM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\cleanmgr.exe

[1] 2009-04-22 06:18:49 212480 C:\Windows\System32\cleanmgr.exe ()

 

[Blade81]

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
%userprofile%\desktop\win32kdiag.exe -f -r

See if you're able to run that batch I asked you to create earlier.

 

[kingnothing]

It ran but I thing the program crashed or something, below is the log file it created:

Log file is located at: C:\Users\Tom\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\AppPatch\Custom\Custom

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\temp\temp

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\tmp\tmp

Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\CSC\v2.0.6\namespace\namespace

Found mount point : C:\Windows\DigitalLocker\en-US\en-US

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\DigitalLocker\en-US\en-US

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ehome\CreateDisc\style\style

Found mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed

Found mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed

Found mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Help\Corporate\Corporate

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Help\OEM\OEM

Found mount point : C:\Windows\inf\PNRPSvc\0000\0000

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\inf\PNRPSvc\0000\0000

Found mount point : C:\Windows\inf\PNRPSvc\0409\0409

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\inf\PNRPSvc\0409\0409

Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\LiveKernelReports\LiveKernelReports

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Microsoft.NET\authman\authman

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ModemLogs\ModemLogs

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Panther\setup.exe\setup.exe

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\Windows\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PIF\PIF

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PLA\Templates\Templates

Found mount point : C:\Windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Registration\CRMLog\CRMLog

Found mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps

Found mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SchCache\SchCache

Found mount point : C:\Windows\security\audit\audit

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\security\audit\audit

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\security\templates\templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temp

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\Icon Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\Icon Files

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Found mount point : C:\Windows\servicing\SQM\SQM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\servicing\SQM\SQM

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs

Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a

Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Found mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler

Cannot access: C:\Windows\System32\cleanmgr.exe

Attempting to restore permissions of : C:\Windows\System32\cleanmgr.exe

[1] 2009-04-22 06:18:49 212480 C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)


The batch file still won't run.

 

[kingnothing]

Apparently it hadn't finished so here is the complete log file:

Log file is located at: C:\Users\Tom\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\AppPatch\Custom\Custom

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\temp\temp

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\tmp\tmp

Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\CSC\v2.0.6\namespace\namespace

Found mount point : C:\Windows\DigitalLocker\en-US\en-US

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\DigitalLocker\en-US\en-US

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ehome\CreateDisc\style\style

Found mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed

Found mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed

Found mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Help\Corporate\Corporate

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Help\OEM\OEM

Found mount point : C:\Windows\inf\PNRPSvc\0000\0000

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\inf\PNRPSvc\0000\0000

Found mount point : C:\Windows\inf\PNRPSvc\0409\0409

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\inf\PNRPSvc\0409\0409

Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\LiveKernelReports\LiveKernelReports

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Microsoft.NET\authman\authman

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ModemLogs\ModemLogs

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Panther\setup.exe\setup.exe

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\Windows\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PIF\PIF

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PLA\Templates\Templates

Found mount point : C:\Windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Registration\CRMLog\CRMLog

Found mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps

Found mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SchCache\SchCache

Found mount point : C:\Windows\security\audit\audit

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\security\audit\audit

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\security\templates\templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temp

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\Icon Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\Icon Files

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Found mount point : C:\Windows\servicing\SQM\SQM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\servicing\SQM\SQM

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs

Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a

Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Found mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler

Cannot access: C:\Windows\System32\cleanmgr.exe

Attempting to restore permissions of : C:\Windows\System32\cleanmgr.exe

[1] 2009-04-22 06:18:49 212480 C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)

[1] 2009-04-22 06:18:49 212480 C:\Windows\winsxs\x86_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7100.0_none_de372ec2b2a1a27c\cleanmgr.exe (Microsoft Corporation)



Cannot access: C:\Windows\System32\cmd.exe

Attempting to restore permissions of : C:\Windows\System32\cmd.exe

[1] 2009-04-22 06:18:51 301568 C:\Windows\System32\cmd.exe (Microsoft Corporation)

[1] 2009-04-22 06:18:51 301568 C:\Windows\winsxs\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7100.0_none_fbffbf1e6f725ab8\cmd.exe (Microsoft Corporation)



Cannot access: C:\Windows\System32\cngaudit.dll

Attempting to restore permissions of : C:\Windows\System32\cngaudit.dll

[1] 2009-04-22 06:20:04 61952 C:\Windows\System32\cngaudit.dll ()

[1] 2009-04-22 06:20:04 12288 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll (Microsoft Corporation)



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-09-27 10:48:32 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-09-27 10:48:11 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-09-27 10:48:11 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Found mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Found mount point : C:\Windows\Temp\_avast4_\_avast4_

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\_avast4_\_avast4_

Found mount point : C:\Windows\Vss\Writers\Application\Application

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Vss\Writers\Application\Application

Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\winsxs\InstallTemp\InstallTemp

Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames



Finished!

 

[kingnothing]

Just tried the batch file again and it ran, below is the logfile:

Volume in drive C has no label.
Volume Serial Number is D8DE-BEEE

Directory of C:\WINDOWS\System32

22/04/2009 06:21 175,616 scecli.dll

Directory of C:\WINDOWS\System32

22/04/2009 06:21 561,152 netlogon.dll

Directory of C:\WINDOWS\System32

22/04/2009 06:20 61,952 cngaudit.dll
3 File(s) 798,720 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03

22/04/2009 06:20 12,288 cngaudit.dll
1 File(s) 12,288 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_a900dabd2e31405b

22/04/2009 06:21 175,616 scecli.dll
1 File(s) 175,616 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_6eaaafa48d0fb9a0

22/04/2009 06:21 561,152 netlogon.dll
1 File(s) 561,152 bytes

Total Files Listed:
6 File(s) 1,547,776 bytes
0 Dir(s) 13,777,342,464 bytes free

 

[Blade81]

Hi,

Start GMER. Click >>>, select files tab and browse to C:\Windows\System32\cngaudit.dll file. Kill the file by highlighting it and pressing kill button in GMER. Reboot.

Then create a batch file with following contents (creation steps are otherwise same as with that other batch):

copy /y C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll c:\windows\system32\cngaudit.dll

Run the batch.

After that, run Win32kDiag again and post back its report.

 

[kingnothing]

I've started Gmer but I can't seem to locate C:\Windows from it? :sad:

From the file tab I have a list of folders in the left hand pane.

At the top I have

C:\

then followed by lots of foldersbut no windows folder.