danuttah
2009-09-30, 20:51
Hi there,
Got a strange issue on a laptop. IE will not run at all, Windows Defender periodically reports that a renos.N has been found, it tries to remove but never appears to be successful. Tried running Spybot, it loads up and as soon as the scan starts, it exits. Any further attempts to run are met with a 'Windows cannot access the specified file or folder' error. Hi-Jack this does the same. Scanned with AVG, it found nothing. I had a read through these forums and these issues sound very much like other rootkit infections. I have taken the liberty of running Win32kDiag which produced the following, any help would be very much appreciated. I have managed to get rid of infections in the past by myself, but this has me stumped.
Running from: C:\Users\iain\Documents\Downloads\Win32kDiag.exe
Log file at : C:\Users\iain\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Found mount point : C:\Windows\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2809.tmp\ZAP2809.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4A1B.tmp\ZAP4A1B.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp\ZAP5C42.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP819D.tmp\ZAP819D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8D7E.tmp\ZAP8D7E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB98E.tmp\ZAPB98E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBB55.tmp\ZAPBB55.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Drivers\EXE\Audio Driver (Realtek)\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ehome\CreateDisc\style\style
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\Globalization
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Help\Corporate\Corporate
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Microsoft.NET\authman\authman
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ModemLogs\ModemLogs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\nap\configuration\configuration
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Panther\setup.exe\setup.exe
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PLA\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SchCache\SchCache
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\security\templates\templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Crypto\Keys\Keys
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Sonysys\Sonysys
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Cannot access: C:\Windows\System32\cngaudit.dll
[1] 2006-11-02 10:46:03 61952 C:\Windows\System32\cngaudit.dll ()
[2] 2006-11-02 10:46:03 11776 C:\Windows\System32\logevent.dll (Microsoft Corporation)
Got a strange issue on a laptop. IE will not run at all, Windows Defender periodically reports that a renos.N has been found, it tries to remove but never appears to be successful. Tried running Spybot, it loads up and as soon as the scan starts, it exits. Any further attempts to run are met with a 'Windows cannot access the specified file or folder' error. Hi-Jack this does the same. Scanned with AVG, it found nothing. I had a read through these forums and these issues sound very much like other rootkit infections. I have taken the liberty of running Win32kDiag which produced the following, any help would be very much appreciated. I have managed to get rid of infections in the past by myself, but this has me stumped.
Running from: C:\Users\iain\Documents\Downloads\Win32kDiag.exe
Log file at : C:\Users\iain\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Found mount point : C:\Windows\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2809.tmp\ZAP2809.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4A1B.tmp\ZAP4A1B.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp\ZAP5C42.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP819D.tmp\ZAP819D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8D7E.tmp\ZAP8D7E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB98E.tmp\ZAPB98E.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBB55.tmp\ZAPBB55.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Drivers\EXE\Audio Driver (Realtek)\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ehome\CreateDisc\style\style
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\Globalization
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Help\Corporate\Corporate
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Microsoft.NET\authman\authman
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ModemLogs\ModemLogs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\nap\configuration\configuration
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Panther\setup.exe\setup.exe
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PLA\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SchCache\SchCache
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\security\templates\templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Crypto\Keys\Keys
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Sonysys\Sonysys
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SQL9_KB954606_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Cannot access: C:\Windows\System32\cngaudit.dll
[1] 2006-11-02 10:46:03 61952 C:\Windows\System32\cngaudit.dll ()
[2] 2006-11-02 10:46:03 11776 C:\Windows\System32\logevent.dll (Microsoft Corporation)