Crypt.HNO / Newsranch virus?! [Archive]

dwayne2005

2009-09-21, 04:00

Hi. I am having problems with my worst virus infection ever. It seems to be identical to the one reported here:
http://forums.spybot.info/showthread.php?p=334461

It was not deleting the Malware Bytes .exe as far as I can tell, but blocks administrator rights to the file. I just ran SpyBot and it done the same thing. Both programs just close off within a short while. Every time I reinstall, program works for a few seconds then shuts off. Also done the same thing with Advanced SystemsCare!

I can't boot in safe mode at all! Every time I attempt, just before logging in the computer resets!

Earlier, AVG detected two files it reported as Crypt.HNO. They were c.exe and d.exe and found in the Local Settings/Temp dir. In that directory, I found an a.exe and a b.exe. I know the b.exe kept popping up in my system tasks. I erased the files but it hasn't helped.

I've attempted quick scans of AVG and ClamWin but they don't detect a virus in the system memory.

I just now ran Win32kDiag, it kind of stopped at 'Cannot access: D:\windows\system32\eventlog.dll' but I'll post the .txt results anyway:

Running from: D:\Documents and Settings\KirkD.LOUGEROOM\Desktop\Win32kDiag.exe

Log file at : D:\Documents and Settings\KirkD.LOUGEROOM\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'D:\windows'...

Found mount point : D:\windows\$hf_mig$\KB904706\SP2QFE\SP2QFE

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB904706\update\update

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB917344\SP2QFE\SP2QFE

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB917344\update\update

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB924191\SP2QFE\SP2QFE

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB924191\update\update

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB929969\SP2QFE\SP2QFE

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB929969\update\update

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB931836\SP2QFE\SP2QFE

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB931836\update\update

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB933360\SP2QFE\SP2QFE

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB933360\update\update

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB933566\SP2QFE\SP2QFE

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB933566\update\update

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB937143\SP2QFE\SP2QFE

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB937143\update\update

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB939653\SP2QFE\SP2QFE

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB939653\update\update

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB942615\SP2QFE\SP2QFE

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB942615\update\update

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\$hf_mig$\KB946627\update\update

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\GAC\cli_basetypes\1.0.5.0__ce2cb7e279207b9e\1.0.5.0__ce2cb7e279207b9e

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\GAC\cli_cppuhelper\1.0.8.0__ce2cb7e279207b9e\1.0.8.0__ce2cb7e279207b9e

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\GAC\cli_types\1.1.8.0__ce2cb7e279207b9e\1.1.8.0__ce2cb7e279207b9e

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\GAC\cli_ure\1.0.8.0__ce2cb7e279207b9e\1.0.8.0__ce2cb7e279207b9e

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\GAC\policy.1.0.cli_basetypes\5.0.0.0__ce2cb7e279207b9e\5.0.0.0__ce2cb7e279207b9e

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\GAC\policy.1.0.cli_cppuhelper\8.0.0.0__ce2cb7e279207b9e\8.0.0.0__ce2cb7e279207b9e

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\GAC\policy.1.0.cli_ure\8.0.0.0__ce2cb7e279207b9e\8.0.0.0__ce2cb7e279207b9e

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\GAC\policy.1.1.cli_types\8.0.0.0__ce2cb7e279207b9e\8.0.0.0__ce2cb7e279207b9e

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_12d50c91\1.0.5000.0__b03f5f7f11d50a3a_12d50c91

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6e7a206f\1.0.5000.0__b03f5f7f11d50a3a_6e7a206f

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0af846bf\1.0.5000.0__b77a5c561934e089_0af846bf

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_444471e1\1.0.5000.0__b77a5c561934e089_444471e1

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1cd50daf\1.0.5000.0__b77a5c561934e089_1cd50daf

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e280c659\1.0.5000.0__b77a5c561934e089_e280c659

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_db12bf44\1.0.5000.0__b03f5f7f11d50a3a_db12bf44

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e69c3dd9\1.0.5000.0__b03f5f7f11d50a3a_e69c3dd9

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0e9c7099\1.0.5000.0__b03f5f7f11d50a3a_0e9c7099

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_25f0b05b\1.0.5000.0__b03f5f7f11d50a3a_25f0b05b

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_21d60eb5\1.0.5000.0__b03f5f7f11d50a3a_21d60eb5

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ddde17d5\1.0.5000.0__b03f5f7f11d50a3a_ddde17d5

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_150a988a\1.0.5000.0__b77a5c561934e089_150a988a

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_804cf639\1.0.5000.0__b77a5c561934e089_804cf639

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_56bb86c6\1.0.5000.0__b77a5c561934e089_56bb86c6

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_d5e89a62\1.0.5000.0__b77a5c561934e089_d5e89a62

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\852be8f752663a79b42415eb82dea5a6\852be8f752663a79b42415eb82dea5a6

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\7c356c6ad516374b13230e0b56853c13\7c356c6ad516374b13230e0b56853c13

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\a277df3e42a5cce121a22bbc355e67e3\a277df3e42a5cce121a22bbc355e67e3

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\e0786b3ff6c53b23a3e0781a432e2b43\e0786b3ff6c53b23a3e0781a432e2b43

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c0b95cddc9317bd6b2a8dc1ab2c09b1e\c0b95cddc9317bd6b2a8dc1ab2c09b1e

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\03c2f2a55909ec1c49dfb9e19bb15719\03c2f2a55909ec1c49dfb9e19bb15719

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d41a09e4318c23bb5d2c7d35b9457512\d41a09e4318c23bb5d2c7d35b9457512

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\5bf9ce99e8fb9ef3c91aa6409d98c048\5bf9ce99e8fb9ef3c91aa6409d98c048

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bda938791ea3d1a49d7511f8ddc8bbcd\bda938791ea3d1a49d7511f8ddc8bbcd

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2c9986f0f331440ff369f300d6a64d51\2c9986f0f331440ff369f300d6a64d51

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System\f9e0cc41d4708780bfbd7858d0ad6d6f\f9e0cc41d4708780bfbd7858d0ad6d6f

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\06f2476a262b3d3bb51e85af0c7f197f\06f2476a262b3d3bb51e85af0c7f197f

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\bf763753987a6752548322a41ab47e73\bf763753987a6752548322a41ab47e73

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\fd3a95f0158de6cb4ddfb9381154a8b3\fd3a95f0158de6cb4ddfb9381154a8b3

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\4eb8b02f2aaec1ef2a7e367974c76077\4eb8b02f2aaec1ef2a7e367974c76077

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\717c98caa11f516f88e8657ce115432a\717c98caa11f516f88e8657ce115432a

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\797614de14fdda307abd83e914a61be3\797614de14fdda307abd83e914a61be3

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\765b7f8eb71d453c39797592675b65f1\765b7f8eb71d453c39797592675b65f1

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\1131c18dc8dc1ef3841dc43002c8a8a9\1131c18dc8dc1ef3841dc43002c8a8a9

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\f4e78db696f3568c34bfbb66a27d5fc5\f4e78db696f3568c34bfbb66a27d5fc5

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\34e37b96cc209ff5b60b147f3c975d43\34e37b96cc209ff5b60b147f3c975d43

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\1991332a7b4c79030de26977aa2d9981\1991332a7b4c79030de26977aa2d9981

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d76c3a6e10a885d6be461e27f50db1fc\d76c3a6e10a885d6be461e27f50db1fc

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\bf7b9b865c074bac8518ac3dfb3ab23b\bf7b9b865c074bac8518ac3dfb3ab23b

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\dd46e4561102b7881877b5e42fd72544\dd46e4561102b7881877b5e42fd72544

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1788c4f7a4ab94dfe9c3195b975f084e\1788c4f7a4ab94dfe9c3195b975f084e

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\08608f236cbf6293adcba5b1ad8a5501\08608f236cbf6293adcba5b1ad8a5501

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9d8cfd67b3e53c22de30748fbda2a7d9\9d8cfd67b3e53c22de30748fbda2a7d9

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP130.tmp\ZAP130.tmp

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B5.tmp\ZAP2B5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39C.tmp\ZAP39C.tmp

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP40.tmp\ZAP40.tmp

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46.tmp\ZAP46.tmp

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP482.tmp\ZAP482.tmp

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP49E.tmp\ZAP49E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Downloaded Installations\{327F5C2B-33D4-471D-9606-2AB1A2FC342C}\{327F5C2B-33D4-471D-9606-2AB1A2FC342C}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Downloaded Installations\{4F5A2FA8-3155-11D6-A498-00C0CA17CB87}\{4F5A2FA8-3155-11D6-A498-00C0CA17CB87}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Downloaded Installations\{92809A27-8CC3-4E31-8E7B-A6F39ECB8877}\{92809A27-8CC3-4E31-8E7B-A6F39ECB8877}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Downloaded Installations\{D1C8CC7A-843F-4A4A-9B8E-D0588EB02AC5}\{D1C8CC7A-843F-4A4A-9B8E-D0588EB02AC5}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\inf\MEDIAINF\MEDIAINF

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{08094E03-AFE4-4853-9D31-6D0743DF5328}\{08094E03-AFE4-4853-9D31-6D0743DF5328}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{3248F0A8-6813-11D6-A77B-00B0D0160010}\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{3A08D157-C9C7-459D-8ACF-0720A227BA04}\{3A08D157-C9C7-459D-8ACF-0720A227BA04}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{3A3885C5-101A-4B8D-8DE5-A5F52DE5CC21}\{3A3885C5-101A-4B8D-8DE5-A5F52DE5CC21}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{3F9EFA28-D2FE-44B7-8896-0B0FF8DF5517}\{3F9EFA28-D2FE-44B7-8896-0B0FF8DF5517}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{74EC78BC-B379-4E29-9006-8F161DCAABA6}\{74EC78BC-B379-4E29-9006-8F161DCAABA6}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{84056AB6-45A4-428E-B6B0-28E28FE2FA91}\{84056AB6-45A4-428E-B6B0-28E28FE2FA91}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{8A7CAA24-7B23-410B-A7C3-F994B0944160}\{8A7CAA24-7B23-410B-A7C3-F994B0944160}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{9748C1D2-37F0-458E-B204-BF102B1BD5C0}\{9748C1D2-37F0-458E-B204-BF102B1BD5C0}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{A1C8D94A-4303-4489-B585-4B6E6CD408CB}\{A1C8D94A-4303-4489-B585-4B6E6CD408CB}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\{C04E32E0-0416-434D-AFB9-6969D703A9EF}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{C892C691-99DC-4B49-BEAA-65B96BB3460D}\{C892C691-99DC-4B49-BEAA-65B96BB3460D}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Installer\{E2BE1618-AF5F-4F7D-8484-42E080EDF609}\{E2BE1618-AF5F-4F7D-8484-42E080EDF609}

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\JSW3v2\JSW3v2

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW1552\SHADOW1552

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\Microsoft .NET Framework 2.0

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Paul's Blackjack\Paul's Blackjack

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Preferences\PySol\KirkD\music\music

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Preferences\PySol\KirkD\savegames\savegames

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Preferences\PySol\KirkD\screenshots\screenshots

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Preferences\PySol\KirkD\tiles\tiles

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\profiles\administrator\desktop\desktop

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\quarantined\allusers-media-bookmarks\allusers-media-bookmarks

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\quarantined\icons\icons

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\SoftwareDistribution\Download\323bd52daae096355cb65f7aa8df6bd9\323bd52daae096355cb65f7aa8df6bd9

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\SoftwareDistribution\Download\fa58243222bcfe35e5467668df396003\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\solcache\solcache

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : D:\windows\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: D:\windows\system32\eventlog.dll

[1] 2004-08-04 20:00:00 55808 D:\windows\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)