USN Journal entries 700,000 lines in Notepad - BUILTIN Administrator cannot delete

-1

I don't really understand much, but have been having a LOT of problems. Zero-filling / low-level formatting my hard drive doesn't seem to touch the USN Journal entries on there (I've tried DBAN, KillDisk, UBCD and Linux distributions - all to no avail).

NET USER ADMINISTRATOR can't delete them either. I kind of have had a feeling for a while that my BUILTIN Administrator answers to a higher Administrator who's deploying unattended Active signed Microsoft code to my system silently (but recorded in cbs.log files which are so insane, it's hilarious - example: yesterday, a single Windows Update appeared, which MSSE already downloaded 6 hrs prior, I shrugged and installed it. It said "Installed Successfully" or w/e, then I opened cbs.log - in 41 seconds, 7000 lines of cbs entries.)

jonny

Posted 2011-04-27T20:06:28.337

Reputation: 17

Answers

6

Ok... you've just given me a long list of conflicting stories that make you sound like a paranoid non-geek... who is trying to understand things without bothering to do research on the subject.

  1. Low-level formatting removes EVERYTHING from the disk. There is NO way that there would even be a concept of journal entries on your hard drive... as there would be no file system at all. I seriously doubt you even know what a "low-level" format is. You're probably referring to a standard format that most tools today do. After a standard format, a file-system is created. NTFS does do journaling (as well as many other file-system types out there) as one of its core features. It might help to do a bit of research on the subject. http://en.wikipedia.org/wiki/Journaling_file_system
  2. Administrator is not the root of all power in a Windows system. The SYSTEM account is the source of all power. Administrator is the highest-level user account... which gives you sufficient authority to do almost everything. The remaining stuff you can't do... should probably not be done to start with. Administrator cannot mess with the journal entries, as this is a low-level file-system feature that should NEVER be modified by a user.
  3. The "CBS.log" has nothing to do with Windows Updates directly. The CBS.log file contains "information" on actions that the SFC is performing. SFC runs for a variety of reasons, but its primary purpose is to make sure that system files are exactly what they appear to be. It is used to make sure that core operating system files haven't been tampered with. SFC logs every action it is performing... not just those that failed. The log is constantly being modified... and is constantly checking your system for bad-stuff. A Microsoft "update" will use SFC to verify the components of the package being deployed, and it will also run even if you do not install updates to make sure things are OK. 7000 lines in your log... is nothing big.
  4. There is no secret Microsoft plot to "deploy unattended Active signed Microsoft code to your system silently". If there was, I seriously doubt that "Microsoft Security Essentials" would be the one to tell you about it.

TheCompWiz

Posted 2011-04-27T20:06:28.337

Reputation: 9 161
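
Added example (not part of either post above): a short Python triage script for sizing up a burst of CBS.log entries like the one described in the question. It tallies entries by level and source, counts SFC lines (tagged `[SR]`), and pulls out only the warnings and errors. The sample lines are constructed in the usual CBS.log layout, and `summarize_cbs` is a hypothetical helper name.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the usual CBS.log layout:
# "YYYY-MM-DD HH:MM:SS, Level   Source   message"
SAMPLE = """\
2011-04-26 14:03:11, Info                  CBS    Starting TrustedInstaller initialization.
2011-04-26 14:03:11, Info                  CSI    00000001@2011/4/26:21:03:11.100 WcpInitialize called
  (continuation line without a timestamp)
2011-04-26 14:03:12, Info                  CBS    Appl: detect Parent, Package: Constructed_Package
2011-04-26 14:03:30, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2011-04-26 14:03:31, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2011-04-26 14:03:40, Warning               CBS    Constructed warning line for the example
2011-04-26 14:03:52, Error                 CBS    Constructed error line for the example
2011-04-26 14:03:52, Info                  CBS    Ending TrustedInstaller finalization.
"""

# timestamp, level (Info/Warning/Error), source (CBS/CSI/...), message
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (\w+)\s+(\w+)\s+(.*)$")

def summarize_cbs(text):
    """Tally a CBS.log excerpt (hypothetical helper for this example)."""
    levels, sources = Counter(), Counter()
    attention, stamps = [], []
    sfc = skipped = 0
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:               # continuation of a multi-line entry
            skipped += 1
            continue
        stamp, level, source, message = m.groups()
        stamps.append(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"))
        levels[level] += 1
        sources[source] += 1
        if "[SR]" in message:   # SFC entries carry the [SR] tag
            sfc += 1
        if level != "Info":     # only these need a human to read them
            attention.append(raw)
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    return {"entries": len(stamps), "seconds": span, "levels": dict(levels),
            "sources": dict(sources), "sfc_lines": sfc,
            "attention": attention, "unparsed": skipped}

if __name__ == "__main__":
    for key, value in summarize_cbs(SAMPLE).items():
        print(f"{key}: {value}")
```

To run it against a real log, pass the contents of `%windir%\Logs\CBS\CBS.log` to `summarize_cbs` in place of the sample.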