can't remove PUP.BITMINER


  • This topic is locked
17 replies to this topic

#1 jdawg10161

Posted 09 December 2011 - 09:57 AM

Malwarebytes is detecting PUP.BITMINER located in c:\windows\assembly\temp\kwrd.dll and is unsuccessful at removing it. Any help would be greatly appreciated. Here are my DDS logs.....





DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by BOSS-Student at 9:38:43 on 2011-12-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1911.741 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\ProgramData\Rpcnet\Bin\rpcld.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
uURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
mURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mWinlogon: Userinit=userinit.exe,
BHO: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.21.0.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7CD3423B-D39C-4DA0-ABD5-A7BA9738B243} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{ADF6D58F-6E60-4041-9259-620E89FE98EA} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: vShare Toolbar: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO-X64: vshare.tv Bar - No File
BHO-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: vShare Toolbar: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
TB-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 216.240.133.193 www.google-analytics.com.
Hosts: 216.240.133.193 ad-emea.doubleclick.net.
Hosts: 216.240.133.193 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BOSS-Student\AppData\Roaming\Mozilla\Firefox\Profiles\oxkcqmk8.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - www.rr.com
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\BOSS-Student\AppData\Roaming\Mozilla\Firefox\Profiles\oxkcqmk8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: C:\Users\BOSS-Student\AppData\Roaming\Mozilla\Firefox\Profiles\oxkcqmk8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\BOSS-Student\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AcronisAgent;Acronis Remote Agent Service;C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2010-3-31 1877880]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-9-17 75048]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-19 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-22 366152]
R2 MMS;Acronis Managed Machine Service;C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [2010-3-31 4487384]
R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-9-17 82416]
R2 rpcld;Remote Procedure Call (RPC) LD;C:\ProgramData\Rpcnet\Bin\rpcld.exe --> C:\ProgramData\Rpcnet\Bin\rpcld.exe [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-19 2320920]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 VKBD;Virtual Keyboard Device;C:\Windows\system32\DRIVERS\virkbd.sys --> C:\Windows\system32\DRIVERS\virkbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Printer Control;Printer Control;C:\Windows\system32\PrintCtrl.exe --> C:\Windows\system32\PrintCtrl.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys --> C:\Windows\system32\DRIVERS\wdcsam.sys [?]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-09 05:29:48 -------- d-----w- C:\Users\BOSS-Student\FrostWire
2011-12-09 05:29:42 -------- d-----w- C:\Users\BOSS-Student\.frostwire5
2011-12-09 05:29:20 -------- d-----w- C:\Program Files (x86)\FrostWire 5
2011-12-09 03:46:02 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75441876-D44E-46E9-8A66-3104A4892134}\offreg.dll
2011-12-09 03:45:55 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75441876-D44E-46E9-8A66-3104A4892134}\mpengine.dll
2011-12-05 22:50:48 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-28 20:05:47 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-11-28 20:05:47 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-11-28 20:05:28 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-11-28 20:05:28 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-11-28 20:04:17 -------- d-----w- C:\Windows\System32\RsFx
2011-11-28 19:57:46 -------- d-----w- C:\Program Files\Microsoft SQL Server
2011-11-28 19:51:45 2118848 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-11-27 19:30:21 -------- d-----w- C:\Users\BOSS-Student\AppData\Local\Conduit
2011-11-27 19:30:20 -------- d-----w- C:\Program Files (x86)\vshare.tv_Bar
2011-11-27 19:30:14 -------- d-----w- C:\Program Files (x86)\vShare.tv plugin
2011-11-16 15:18:13 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-16 15:18:13 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-16 15:18:12 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-16 15:18:10 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-15 22:24:12 -------- d-----w- C:\Backreg
2011-11-15 21:28:23 -------- d-----w- C:\Program Files (x86)\Sophos
2011-11-15 19:50:52 -------- d-----w- C:\BackSys
2011-11-15 15:58:13 -------- d-----w- C:\Program Files\CCleaner
2011-11-14 20:30:15 -------- d-----we C:\Windows\system64
2011-11-14 20:15:15 -------- d-----w- C:\Users\BOSS-Student\AppData\Roaming\10FE3
2011-11-10 03:23:25 -------- d-----w- C:\Users\BOSS-Student\AppData\Local\TVU Networks
2011-11-10 03:23:25 -------- d-----w- C:\ProgramData\TVU Networks
2011-11-10 03:20:04 -------- d-----w- C:\Windows\SysWow64\TVUAx
.
==================== Find3M ====================
.
2011-12-09 14:02:58 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-12-09 14:02:54 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-12-09 13:30:40 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-12-09 13:30:07 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-11-22 23:01:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-01 16:09:10 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe
2011-11-01 16:09:06 58288 ------w- C:\Windows\SysWow64\rpcnet.exe
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 9:39:48.21 ===============

Edited by jdawg10161, 09 December 2011 - 10:03 AM.



#2 HelpBot


Posted 15 December 2011 - 10:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431506 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jdawg10161


Posted 15 December 2011 - 12:29 PM

I am running Windows 7 64-bit, and when using Malwarebytes Anti-Malware it detects pup.bitminer in c:\windows\assembly\temp\kwrd.dll, but when trying to remove it Malwarebytes says quarantined and removed successfully, but the next time Malwarebytes runs it is still there. Here are my new DDS logs:



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by BOSS-Student at 12:17:07 on 2011-12-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1911.763 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\ctfmon.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\Rpcnet\Bin\rpcld.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
uURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
mURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mWinlogon: Userinit=userinit.exe,
BHO: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.21.0.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7CD3423B-D39C-4DA0-ABD5-A7BA9738B243} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{ADF6D58F-6E60-4041-9259-620E89FE98EA} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: vShare Toolbar: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO-X64: vshare.tv Bar - No File
BHO-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: vShare Toolbar: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll
TB-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 216.240.133.193 www.google-analytics.com.
Hosts: 216.240.133.193 ad-emea.doubleclick.net.
Hosts: 216.240.133.193 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BOSS-Student\AppData\Roaming\Mozilla\Firefox\Profiles\oxkcqmk8.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - www.rr.com
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\BOSS-Student\AppData\Roaming\Mozilla\Firefox\Profiles\oxkcqmk8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: C:\Users\BOSS-Student\AppData\Roaming\Mozilla\Firefox\Profiles\oxkcqmk8.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\BOSS-Student\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AcronisAgent;Acronis Remote Agent Service;C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2010-3-31 1877880]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-9-17 75048]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-19 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-22 366152]
R2 MMS;Acronis Managed Machine Service;C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [2010-3-31 4487384]
R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-9-17 82416]
R2 rpcld;Remote Procedure Call (RPC) LD;C:\ProgramData\Rpcnet\Bin\rpcld.exe --> C:\ProgramData\Rpcnet\Bin\rpcld.exe [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-19 2320920]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 VKBD;Virtual Keyboard Device;C:\Windows\system32\DRIVERS\virkbd.sys --> C:\Windows\system32\DRIVERS\virkbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Printer Control;Printer Control;C:\Windows\system32\PrintCtrl.exe --> C:\Windows\system32\PrintCtrl.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys --> C:\Windows\system32\DRIVERS\wdcsam.sys [?]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-14 13:37:06 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A610883-6603-4723-A133-52AF19A92F98}\offreg.dll
2011-12-14 13:37:02 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A610883-6603-4723-A133-52AF19A92F98}\mpengine.dll
2011-12-09 05:29:48 -------- d-----w- C:\Users\BOSS-Student\FrostWire
2011-12-09 05:29:42 -------- d-----w- C:\Users\BOSS-Student\.frostwire5
2011-12-09 05:29:20 -------- d-----w- C:\Program Files (x86)\FrostWire 5
2011-12-05 22:50:48 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-28 20:05:47 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-11-28 20:05:47 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-11-28 20:05:28 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-11-28 20:05:28 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-11-28 20:04:17 -------- d-----w- C:\Windows\System32\RsFx
2011-11-28 19:57:46 -------- d-----w- C:\Program Files\Microsoft SQL Server
2011-11-28 19:51:45 2118848 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-11-27 19:30:21 -------- d-----w- C:\Users\BOSS-Student\AppData\Local\Conduit
2011-11-27 19:30:20 -------- d-----w- C:\Program Files (x86)\vshare.tv_Bar
2011-11-27 19:30:14 -------- d-----w- C:\Program Files (x86)\vShare.tv plugin
2011-11-16 15:18:13 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-16 15:18:13 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-16 15:18:12 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-16 15:18:10 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-15 22:24:12 -------- d-----w- C:\Backreg
2011-11-15 21:28:23 -------- d-----w- C:\Program Files (x86)\Sophos
2011-11-15 19:50:52 -------- d-----w- C:\BackSys
.
==================== Find3M ====================
.
2011-12-14 23:50:19 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-12-14 23:50:17 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-12-09 13:30:40 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-12-09 13:30:07 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-11-22 23:01:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-01 16:09:10 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe
2011-11-01 16:09:06 58288 ------w- C:\Windows\SysWow64\rpcnet.exe
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 12:18:54.86 ===============


#4 nasdaq


  • Malware Response Team

Posted 15 December 2011 - 01:22 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#5 jdawg10161

  • Topic Starter


Posted 15 December 2011 - 11:43 PM

Thank you for helping me today! After running ComboFix and security fix, when trying to open the log files or any program, I get an error that says "Illegal operation on a registry key that has been marked for deletion." The only way I can run any programs is as administrator, but it won't allow me to open my text documents.

#6 jdawg10161

  • Topic Starter


Posted 16 December 2011 - 12:13 AM

OK, reran ComboFix and Security Check; here are the logs. Still can't run programs normally, though.


ComboFix 11-12-15.02 - BOSS-Student 12/15/2011 23:46:19.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1911.993 [GMT -5:00]
Running from: c:\users\BOSS-Student\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 04:51 . 2011-12-16 04:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-16 04:51 . 2011-12-16 04:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-12-16 04:51 . 2011-12-16 04:51 -------- d-----w- c:\users\Acronis Agent User\AppData\Local\temp
2011-12-15 17:47 . 2011-12-16 04:25 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89E66249-CCDC-4DC4-8CD7-0FFA5A30B133}\offreg.dll
2011-12-15 17:47 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89E66249-CCDC-4DC4-8CD7-0FFA5A30B133}\mpengine.dll
2011-12-15 17:44 . 2011-12-15 17:44 -------- d-----w- c:\users\BOSS-Student\AppData\Local\Google
2011-12-09 05:29 . 2011-12-09 05:30 -------- d-----w- c:\users\BOSS-Student\FrostWire
2011-12-09 05:29 . 2011-12-09 09:09 -------- d-----w- c:\users\BOSS-Student\.frostwire5
2011-12-09 05:29 . 2011-12-09 05:29 -------- d-----w- c:\program files (x86)\FrostWire 5
2011-12-05 22:50 . 2011-12-05 22:50 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-28 20:05 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-11-28 20:05 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-11-28 20:05 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-11-28 20:05 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-11-28 20:04 . 2011-11-28 20:04 -------- d-----w- c:\windows\system32\RsFx
2011-11-28 20:03 . 2011-11-28 20:03 -------- d-----w- c:\program files\Microsoft.NET
2011-11-28 19:57 . 2011-11-28 22:31 -------- d-----w- c:\program files\Microsoft SQL Server
2011-11-28 19:51 . 2011-11-28 20:57 2118848 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-11-27 19:30 . 2011-11-27 19:30 -------- d-----w- c:\users\BOSS-Student\AppData\Local\Conduit
2011-11-27 19:30 . 2011-11-27 19:30 -------- d-----w- c:\program files (x86)\vshare.tv_Bar
2011-11-27 19:30 . 2011-11-27 19:30 -------- d-----w- c:\program files (x86)\vShare.tv plugin
2011-11-16 15:36 . 2011-11-16 15:36 -------- d-----w- c:\programdata\Apple Computer
2011-11-16 15:24 . 2011-11-16 15:24 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-16 15:18 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-16 15:18 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-16 15:18 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-16 15:18 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 04:26 . 2010-07-19 18:03 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-12-16 04:25 . 2010-07-20 17:41 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-12-15 22:41 . 2011-01-12 22:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-09 13:30 . 2010-07-19 18:04 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-12-09 13:30 . 2010-07-19 18:03 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-11-22 23:01 . 2011-05-14 20:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2010-07-21 19:07 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-01 16:09 . 2010-07-20 17:41 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2011-11-01 16:09 . 2010-07-20 17:41 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-17 00:24 . 2011-10-17 00:24 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-12 02:42 . 2011-10-12 02:44 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C65584FE-6CCF-4732-B34D-2B5B49C291DD}\gapaengine.dll
2011-10-01 03:25 . 2011-10-12 09:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 09:58 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-26 22:43 . 2011-10-12 02:44 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-16_04.26.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-12-16 03:49 33092 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-16 04:27 33092 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-28 14:35 . 2011-12-16 04:27 11196 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1556164688-2894596992-3463663314-1002_UserData.bin
- 2011-01-10 06:41 . 2011-12-16 03:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-10 06:41 . 2011-12-16 04:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-10 06:41 . 2011-12-16 03:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-10 06:41 . 2011-12-16 04:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-20 17:24 . 2011-12-16 03:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-20 17:24 . 2011-12-16 04:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-01 06:12 . 2011-12-16 04:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-01 06:12 . 2011-12-16 03:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-20 15:06 . 2011-12-16 04:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-20 15:06 . 2011-12-16 03:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2011-12-16 04:31 691110 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-16 03:53 691110 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-16 04:31 132492 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-16 03:53 132492 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\tbZyn0.dll" [2010-12-01 2735200]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-12-01 16:27 2735200 ----a-w- c:\program files (x86)\Zynga\tbZyn0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\tbZyn0.dll" [2010-12-01 2735200]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{981D99C3-9A42-11DF-AA35-806E6F6E6963}\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AcronisAgent;Acronis Remote Agent Service;c:\program files (x86)\Common Files\Acronis\Agent\agent.exe [2010-04-01 1877880]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [x]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-09-17 75048]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 MMS;Acronis Managed Machine Service;c:\program files (x86)\Acronis\BackupAndRecovery\mms.exe [2010-04-01 4487384]
S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-09-17 82416]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 VKBD;Virtual Keyboard Device;c:\windows\system32\DRIVERS\virkbd.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1556164688-2894596992-3463663314-1002Core.job
- c:\users\BOSS-Student\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-15 17:44]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1556164688-2894596992-3463663314-1002UA.job
- c:\users\BOSS-Student\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-15 17:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\BOSS-Student\AppData\Roaming\Mozilla\Firefox\Profiles\oxkcqmk8.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - www.rr.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1556164688-2894596992-3463663314-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{18EADC27-E86F-2893-CFD4-7B2021F3F416}*]
"iafebdkjigkgnlphlg"=hex:6a,61,69,66,67,6d,70,6e,61,61,6c,6a,68,66,62,68,65,64,
66,64,00,00
"halcdejgedeabmkb"=hex:6a,61,69,66,67,6d,70,6e,61,61,6c,6a,68,66,62,68,65,64,
66,64,00,00
"haoilkdnnkcaonol"=hex:66,61,64,66,63,6e,6b,66,6e,6b,66,67,00,01
.
[HKEY_USERS\S-1-5-21-1556164688-2894596992-3463663314-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{938A7D5D-9402-6CCC-179C-CAE517B84D50}*]
@Allowed: (Read) (RestrictedCode)
"hahfbmonlmfideon"=hex:66,61,69,6a,64,65,69,6b,67,65,6e,63,00,fd
"iaoaoflhcpgnefclhf"=hex:6a,61,6e,6a,6a,67,61,6d,6e,61,6b,6c,70,6f,6a,6a,6e,6d,
65,61,00,01
"haaccglilaohkoip"=hex:6a,61,6e,6a,64,65,6f,62,62,70,63,6c,65,6a,6c,63,6b,69,
6c,68,00,fe
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-15 23:53:48
ComboFix-quarantined-files.txt 2011-12-16 04:53
ComboFix2.txt 2011-12-16 04:30
.
Pre-Run: 66,085,470,208 bytes free
Post-Run: 66,018,398,208 bytes free
.
- - End Of File - - 3525B1EE8B104F4E6676EB7CDFC32350

_____________________________________________________________________________________________________________________________________________________


Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 27
Java version out of date!
Adobe Reader X (10.1.1)
Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:00 PM

Posted 16 December 2011 - 10:24 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 27

===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Junction.bat - Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.


"cmd /c junction -s c:\ >log.txt&log.txt& del log.txt"


Double-click on Junction.bat file to run the file.

On a Vista or Windows 7 operating system, right click the Junction.bat and run as Administrator.

Delete the file when done.

Post the content of the log.txt file.

Please post the logs for my review.

#8 jdawg10161

jdawg10161
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 16 December 2011 - 12:06 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-16 11:44:03
-----------------------------
11:44:03.788 OS Version: Windows x64 6.1.7601 Service Pack 1
11:44:03.788 Number of processors: 4 586 0x2505
11:44:03.790 ComputerName: BOSS_DPI UserName:
11:44:06.871 Initialize success
11:44:22.215 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:44:22.223 Disk 0 Vendor: ST916041 0002 Size: 152627MB BusType: 3
11:44:22.237 Disk 0 MBR read successfully
11:44:22.241 Disk 0 MBR scan
11:44:22.245 Disk 0 unknown MBR code
11:44:22.249 Service scanning
11:44:23.760 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
11:44:25.071 Modules scanning
11:44:25.077 Disk 0 trace - called modules:
11:44:25.098 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:44:25.105 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027a8060]
11:44:25.111 3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80024e0050]
11:44:25.116 Scan finished successfully
11:44:46.470 Disk 0 MBR has been saved successfully to "C:\Users\BOSS-Student\Desktop\MBR.dat"
11:44:46.505 The log file has been saved successfully to "C:\Users\BOSS-Student\Desktop\aswMBR.txt"
_____________________________________________________________________________________________________________________________________________________



11:46:58.0608 2280 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
11:46:58.0927 2280 ============================================================
11:46:58.0927 2280 Current date / time: 2011/12/16 11:46:58.0927
11:46:58.0927 2280 SystemInfo:
11:46:58.0927 2280
11:46:58.0927 2280 OS Version: 6.1.7601 ServicePack: 1.0
11:46:58.0927 2280 Product type: Workstation
11:46:58.0928 2280 ComputerName: BOSS_DPI
11:46:58.0928 2280 UserName: BOSS-Student
11:46:58.0928 2280 Windows directory: C:\Windows
11:46:58.0928 2280 System windows directory: C:\Windows
11:46:58.0928 2280 Running under WOW64
11:46:58.0928 2280 Processor architecture: Intel x64
11:46:58.0928 2280 Number of processors: 4
11:46:58.0928 2280 Page size: 0x1000
11:46:58.0928 2280 Boot type: Normal boot
11:46:58.0928 2280 ============================================================
11:46:59.0483 2280 Initialize success
11:47:03.0227 2316 ============================================================
11:47:03.0227 2316 Scan started
11:47:03.0227 2316 Mode: Manual;
11:47:03.0227 2316 ============================================================
11:47:26.0793 2316 TDTCP - ok
11:47:26.0854 2316 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:47:26.0858 2316 tdx - ok
11:47:26.0892 2316 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:47:26.0895 2316 TermDD - ok
11:47:26.0977 2316 timounter (5ed1fcacf1459f613c31a3767039d813) C:\Windows\system32\DRIVERS\timntr.sys
11:47:27.0010 2316 timounter - ok
11:47:27.0098 2316 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:47:27.0100 2316 tssecsrv - ok
11:47:27.0211 2316 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:47:27.0214 2316 TsUsbFlt - ok
11:47:27.0304 2316 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:47:27.0308 2316 tunnel - ok
11:47:27.0377 2316 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:47:27.0380 2316 uagp35 - ok
11:47:27.0453 2316 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:47:27.0461 2316 udfs - ok
11:47:27.0550 2316 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:47:27.0552 2316 uliagpkx - ok
11:47:27.0646 2316 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:47:27.0649 2316 umbus - ok
11:47:27.0700 2316 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:47:27.0702 2316 UmPass - ok
11:47:27.0744 2316 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\System32\Drivers\usbaapl64.sys
11:47:27.0746 2316 USBAAPL64 - ok
11:47:27.0810 2316 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:47:27.0813 2316 usbccgp - ok
11:47:27.0866 2316 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:47:27.0869 2316 usbcir - ok
11:47:27.0909 2316 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:47:27.0911 2316 usbehci - ok
11:47:28.0014 2316 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:47:28.0021 2316 usbhub - ok
11:47:28.0080 2316 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:47:28.0082 2316 usbohci - ok
11:47:28.0126 2316 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:47:28.0128 2316 usbprint - ok
11:47:28.0184 2316 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:47:28.0187 2316 USBSTOR - ok
11:47:28.0234 2316 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:47:28.0236 2316 usbuhci - ok
11:47:28.0306 2316 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:47:28.0312 2316 usbvideo - ok
11:47:28.0376 2316 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:47:28.0378 2316 vdrvroot - ok
11:47:28.0431 2316 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:47:28.0433 2316 vga - ok
11:47:28.0475 2316 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:47:28.0476 2316 VgaSave - ok
11:47:28.0542 2316 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:47:28.0546 2316 vhdmp - ok
11:47:28.0607 2316 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:47:28.0609 2316 viaide - ok
11:47:28.0698 2316 VKBD (cbc143cd70b02fdf889dc5f7876c8835) C:\Windows\system32\DRIVERS\virkbd.sys
11:47:28.0700 2316 VKBD - ok
11:47:28.0789 2316 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:47:28.0793 2316 volmgr - ok
11:47:28.0877 2316 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:47:28.0885 2316 volmgrx - ok
11:47:28.0953 2316 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:47:28.0959 2316 volsnap - ok
11:47:29.0048 2316 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:47:29.0052 2316 vsmraid - ok
11:47:29.0092 2316 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:47:29.0094 2316 vwifibus - ok
11:47:29.0129 2316 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:47:29.0132 2316 vwififlt - ok
11:47:29.0186 2316 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:47:29.0188 2316 WacomPen - ok
11:47:29.0262 2316 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:47:29.0266 2316 WANARP - ok
11:47:29.0271 2316 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:47:29.0273 2316 Wanarpv6 - ok
11:47:29.0345 2316 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:47:29.0347 2316 Wd - ok
11:47:29.0398 2316 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam.sys
11:47:29.0400 2316 WDC_SAM - ok
11:47:29.0457 2316 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:47:29.0477 2316 Wdf01000 - ok
11:47:29.0563 2316 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:47:29.0565 2316 WfpLwf - ok
11:47:29.0603 2316 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:47:29.0605 2316 WIMMount - ok
11:47:29.0805 2316 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:47:29.0806 2316 WmiAcpi - ok
11:47:29.0875 2316 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:47:29.0878 2316 ws2ifsl - ok
11:47:29.0987 2316 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:47:29.0990 2316 WudfPf - ok
11:47:30.0100 2316 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:47:30.0104 2316 WUDFRd - ok
11:47:30.0197 2316 MBR (0x1B8) (d8cf024fb85843c60f9228a610a16e71) \Device\Harddisk0\DR0
11:47:30.0283 2316 \Device\Harddisk0\DR0 - ok
11:47:30.0315 2316 Boot (0x1200) (a1b389a25abeac78a85502dd19efb035) \Device\Harddisk0\DR0\Partition0
11:47:30.0317 2316 \Device\Harddisk0\DR0\Partition0 - ok
11:47:30.0326 2316 Boot (0x1200) (9f5d57272d52b28adbd8dbc42f29a7b9) \Device\Harddisk0\DR0\Partition1
11:47:30.0328 2316 \Device\Harddisk0\DR0\Partition1 - ok
11:47:30.0329 2316 ============================================================
11:47:30.0329 2316 Scan finished
11:47:30.0329 2316 ============================================================
11:47:30.0349 2288 Detected object count: 0
11:47:30.0349 2288 Actual detected object count: 0
______________________________________________________________________________________________________________________________________________________

I copied and pasted the text in bold to Notepad, saved it successfully as .bat, and ran it as administrator. The log file was blank, and the DOS window says "junction is not recognized as an internal or external command, operable program or batch file."

Attached Files

  • Attached File  MBR.zip   614bytes   0 downloads


#9 nasdaq

  • Malware Response Team

Posted 16 December 2011 - 01:59 PM

Run the CMD - Command Prompt on Vista - Windows 7 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/

At the prompt, paste the following. If you type it, make sure you have the exact string.

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

Like this.
cmd(space)/c(space)junction(space)-s(space)c:\(space)>log.txt&log.txt&(space)del(space)log.txt

Can you now post the content of the log.txt file?

#10 jdawg10161

  • Topic Starter

Posted 16 December 2011 - 03:14 PM

No, I still get the same message whether I copy and paste or type the whole string.

#11 nasdaq

  • Malware Response Team

Posted 17 December 2011 - 10:26 AM

Try this.

Open Notepad and copy/paste the contents in the quote box below, into Notepad.

junction -s c:\ > log.txt
notepad log.txt
exit


Save this as junction.bat. Choose "Save as type - All Files" and save it to your desktop.

It should look like this: Posted Image

  • Double click Junction folder to open it.
  • Now drag the junction.bat into the Junction folder
  • Double click the junction.bat and allow it to run.

It can take a while to complete, so be patient. Post the log.

#12 jdawg10161

  • Topic Starter

Posted 17 December 2011 - 08:58 PM

When you say to:
Double click Junction folder to open it.
Now drag the junction.bat into the Junction folder
Double click the junction.bat and allow it to run.
Where exactly would I find the Junction folder? Because if I copy and paste this:
junction -s c:\ > log.txt
notepad log.txt
exit
then double click the bat file, it does nothing, and if I run it as administrator it gives the same error message as previously reported.

#13 nasdaq

  • Malware Response Team

Posted 18 December 2011 - 09:24 AM

Sorry about that, I assumed you already had a copy of junction.exe.

Download the file to a folder (named junction) on your desktop.

Link: http://technet.microsoft.com/en-us/sysinternals/bb896768

Execute my previous instructions.
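
An added example, not part of nasdaq's instructions: a variant of junction.bat that avoids the "junction is not recognized" error reported above by calling junction.exe from the script's own folder rather than relying on the current directory or PATH. It assumes junction.exe has been saved in the same folder as the script; the variable names are illustrative.

```batch
@echo off
rem Added example (not from the thread): run junction.exe from the folder
rem that holds this script. A .bat started with "Run as administrator"
rem begins in C:\Windows\System32, so a bare "junction" is only found if
rem junction.exe is in that directory or somewhere on PATH.
setlocal

rem %~dp0 expands to the drive and path of this script, with a trailing backslash.
set "JUNCTION=%~dp0junction.exe"
set "LOG=%~dp0log.txt"

if not exist "%JUNCTION%" (
    echo junction.exe was not found in "%~dp0"
    echo Save junction.exe next to this script and run it again.
    pause
    exit /b 1
)

rem -s recurses into subdirectories, as in the original command.
rem 2^>^&1 is not needed here: plain 2>&1 also captures the
rem "Failed to open" lines if junction writes them to stderr.
"%JUNCTION%" -s c:\ > "%LOG%" 2>&1

rem Open the finished log for copying into a reply.
notepad "%LOG%"
endlocal
```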

#14 jdawg10161

  • Topic Starter

Posted 18 December 2011 - 02:54 PM

OK, this is the log that was generated:



Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\Config.Msi: Access is denied.


\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\MSOCache: Access is denied.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\PerfLogs: Access is denied.



Failed to open \\?\c:\\Recovery: Access is denied.



Failed to open \\?\c:\\System Volume Information: Access is denied.


...


Failed to open \\?\c:\\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Backup: Access is denied.



Failed to open \\?\c:\\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA: Access is denied.



Failed to open \\?\c:\\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\JOBS: Access is denied.



Failed to open \\?\c:\\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Log: Access is denied.



Failed to open \\?\c:\\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\repldata: Access is denied.


.
Failed to open \\?\c:\\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Template Data\MS_AgentSigningCertificate.cer: Access is denied.



Failed to open \\?\c:\\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Template Data\tempdb.mdf: Access is denied.



Failed to open \\?\c:\\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Template Data\templog.ldf: Access is denied.


..


Failed to open \\?\c:\\Program Files (x86)\Common Files\Acronis\Agent\certificate.pem: Access is denied.


...

.\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites


Failed to open \\?\c:\\ProgramData\Rpcnet: Access is denied.


\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

..

.
Failed to open \\?\c:\\ProgramData\Microsoft\Microsoft Antimalware: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows Defender: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\BingBar\SeaPort\BBSvcConfig.cab: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\BingBar\SeaPort\SeaPort.cab: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\S-1-5-18: Access is denied.





.
Failed to open \\?\c:\\ProgramData\Microsoft\Network\Downloader: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Search\Data: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\User Account Pictures\Acronis Agent User.dat: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\User Account Pictures\DakTech.dat: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_IEXPLORE.EXE_57cc2eac38ab43ad231dc4fc6dd054463313f0c4_024d0251: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash__ex-68.exe_aade7b57a9346c3716e4b09165ce87e3257169a_0238dc69: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_rpcld_514062f5864eeaa7b59e62da978e714e8317c92_096ec189: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_rpcld_514062f5864eeaa7b59e62da978e714e8317c92_0b76ede6: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_winvnc.exe_816383d6ccbdb2930aeb8e98daa58d96805b7_0d6e6be4: Access is denied.






Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_10047c90: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_10062491: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1055451b: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_10b9e15a: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_10d77f4e: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_10db39f5: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_111b3a14: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1137de1f: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11478bbc: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1153c5df: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1157ad7e: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_115b65a6: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11685c92: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_116ac285: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_116b9731: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_116c5c92: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_116ef00a: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1194f74a: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11a61b6d: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11e0f74a: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11f1b461: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11f34dc3: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1218fdc0: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_121a71c6: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_121c0944: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1255a757: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1256672c: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_126b3a04: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1278890e: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_12a23073: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13185c82: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_132a1b4e: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_136924fe: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_136aa554: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_136c5ca1: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13869b84: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13b9cbc8: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13bd0b57: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13c92f0c: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13cd15e1: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13ce8c77: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13d15c53: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13ec253d: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x80070002_d9dea0f33cdbef22b9fe59fb327524c6ab6656f7_0258a8ad: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x80070003_676b1da0c19f458bbe27582acad6cea3935c7ab_029c9e41: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x80070003_c5e4b69f9e5e61566f1efa65ac5cc2f74c123c9f_0238c34e: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_0x80070670_b41d4c142e8ce4d3b0e971b15ec6f6c99f3bec6d_1b9801da: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_29ff98a307d15bea6c44e786079bfb6eb7924_0825dfb8: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_5d258f6b8567aa9b2dae7b8556899bb495e21e_0766ceb3: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_f68ea1c1d32d1797c6ddf704c2a95d46deba4e3_025b4ab5: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_33fee1c16079435e4154e9e210b2642e1e27a34_1d034fbf: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_5827f6e77568e42ac39ec2ee74faece0239093_01d12cd5: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_8a669dc08ef2d393a3c0b56c95f5f5f253284c75_1b505805: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_bed6abccf7a3ed55ea36f28ff2e41d77ae5c54ef_0bbc9363: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_bed6abccf7a3ed55ea36f28ff2e41d77ae5c54ef_2beba13b: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_d9e1d6f3e29ec0ac174e6acfcdeb15d6ddf776f_91b91871: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_80072efe_a938558e40e99113c4dd54c1e12b6d594ee3b87_02048065: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_80072efe_a938558e40e99113c4dd54c1e12b6d594ee3b87_02049d48: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_80240016_6ed1b940df51d6134bbf76e1ebf248f9145b28_01d06f94: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_8024402c_66c66075855619cc1111e0dd9c4f3189cbbd9c6_022079b1: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_8024402c_66c66075855619cc1111e0dd9c4f3189cbbd9c6_0234ab1d: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_8024402c_a113d03bc92f937bd9ba7afaa18b5927ded7_01d99e51: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_8024402c_a113d03bc92f937bd9ba7afaa18b5927ded7_01d9a7f2: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_8024402c_a113d03bc92f937bd9ba7afaa18b5927ded7_01d9b200: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft Window_bd5996727e9ea1acda90841fa2c99a88df4fb9d6_008cb49f: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_12e4c64f5cb29fd8b5ccce913d082d886fc17fe_02208362: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_12e4c64f5cb29fd8b5ccce913d082d886fc17fe_02447712: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_56ecd3d9e4d408e4a40a619dc1e2577a55f652b_02208cf3: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_56ecd3d9e4d408e4a40a619dc1e2577a55f652b_024480b3: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_64cac67633ecb15b867334b341ce02b49804cae_02713c25: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_a21f2ec5c5a2495c3bd8c3c4322f539a534bf86_00747bd3: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_a21f2ec5c5a2495c3bd8c3c4322f539a534bf86_0234bd94: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_d6a51219bd74e97caf16b5d08ccf45d7f34363_00748574: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_e36d7f8dc338d3631a028ef9513ee145630a15c_01b4a331: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_4aa4776d94f5d37fe47697d98c1ecb87c69c83_01d9bbc0: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_ad5862cf9cb8062bb90cf7a14e4dfa80f63da5_01d9c58f: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_db2da5bd487531e8599971d9a44f230fb5935b0_01d9cf4f: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_e7ae7ad5722ef512ded69c6d940fc17cc3ccfae_0209138f: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_e7ae7ad5722ef512ded69c6d940fc17cc3ccfae_094cc8e9: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_e7ae7ad5722ef512ded69c6d940fc17cc3ccfae_097c9626: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_rpcld_514062f5864eeaa7b59e62da978e714e8317c92_cab_046e278c: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows Easy Transfer\PostMigData: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows Live\Family Safety\fss.dat: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows NT\MSFax: Access is denied.



Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.



Failed to open \\?\c:\\Users\Acronis Agent User: Access is denied.


\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

.\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites


Failed to open \\?\c:\\Users\All Users\Rpcnet: Access is denied.


\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



...
Failed to open \\?\c:\\Users\All Users\Microsoft\Microsoft Antimalware: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows Defender: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\BingBar\SeaPort\BBSvcConfig.cab: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\BingBar\SeaPort\SeaPort.cab: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Network\Downloader: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Search\Data: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\User Account Pictures\Acronis Agent User.dat: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\User Account Pictures\DakTech.dat: Access is denied.





Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\Power Efficiency Diagnostics: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_IEXPLORE.EXE_57cc2eac38ab43ad231dc4fc6dd054463313f0c4_024d0251: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash__ex-68.exe_aade7b57a9346c3716e4b09165ce87e3257169a_0238dc69: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_rpcld_514062f5864eeaa7b59e62da978e714e8317c92_096ec189: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_rpcld_514062f5864eeaa7b59e62da978e714e8317c92_0b76ede6: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_winvnc.exe_816383d6ccbdb2930aeb8e98daa58d96805b7_0d6e6be4: Access is denied.






Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0a424b91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0adff631: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0b7efa56: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0bc73a04: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0c758da0: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0db413b0: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0e43d431: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0e5bbb25: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0e6f3a04: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0ef93aa0: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0efa1b4e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0f005c92: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_0ff5d5e5: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_10047c90: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_10062491: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1055451b: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_10b9e15a: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_10d77f4e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_10db39f5: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_111b3a14: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1137de1f: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11478bbc: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1153c5df: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1157ad7e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_115b65a6: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11685c92: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_116ac285: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_116b9731: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_116c5c92: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_116ef00a: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1194f74a: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11a61b6d: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11e0f74a: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11f1b461: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_11f34dc3: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1218fdc0: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_121a71c6: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_121c0944: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1255a757: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1256672c: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_126b3a04: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_1278890e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_12a23073: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13185c82: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_132a1b4e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_136924fe: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_136aa554: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_136c5ca1: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13869b84: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13b9cbc8: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13bd0b57: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13c92f0c: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13cd15e1: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13ce8c77: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13d15c53: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\Critical_6.1.7600_1eeebf9f1640b9df833631bfe385fef73dde5_13ec253d: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x80070002_d9dea0f33cdbef22b9fe59fb327524c6ab6656f7_0258a8ad: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x80070003_676b1da0c19f458bbe27582acad6cea3935c7ab_029c9e41: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x80070003_c5e4b69f9e5e61566f1efa65ac5cc2f74c123c9f_0238c34e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_0x80070670_b41d4c142e8ce4d3b0e971b15ec6f6c99f3bec6d_1b9801da: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_29ff98a307d15bea6c44e786079bfb6eb7924_0825dfb8: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_5d258f6b8567aa9b2dae7b8556899bb495e21e_0766ceb3: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_f68ea1c1d32d1797c6ddf704c2a95d46deba4e3_025b4ab5: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_33fee1c16079435e4154e9e210b2642e1e27a34_1d034fbf: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_5827f6e77568e42ac39ec2ee74faece0239093_01d12cd5: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_8a669dc08ef2d393a3c0b56c95f5f5f253284c75_1b505805: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_bed6abccf7a3ed55ea36f28ff2e41d77ae5c54ef_0bbc9363: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_bed6abccf7a3ed55ea36f28ff2e41d77ae5c54ef_2beba13b: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.5.7601.17514_d9e1d6f3e29ec0ac174e6acfcdeb15d6ddf776f_91b91871: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_80072efe_a938558e40e99113c4dd54c1e12b6d594ee3b87_02048065: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_80072efe_a938558e40e99113c4dd54c1e12b6d594ee3b87_02049d48: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_80240016_6ed1b940df51d6134bbf76e1ebf248f9145b28_01d06f94: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_8024402c_66c66075855619cc1111e0dd9c4f3189cbbd9c6_022079b1: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_8024402c_66c66075855619cc1111e0dd9c4f3189cbbd9c6_0234ab1d: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_8024402c_a113d03bc92f937bd9ba7afaa18b5927ded7_01d99e51: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_8024402c_a113d03bc92f937bd9ba7afaa18b5927ded7_01d9a7f2: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_8024402c_a113d03bc92f937bd9ba7afaa18b5927ded7_01d9b200: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft Window_bd5996727e9ea1acda90841fa2c99a88df4fb9d6_008cb49f: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_12e4c64f5cb29fd8b5ccce913d082d886fc17fe_02208362: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_12e4c64f5cb29fd8b5ccce913d082d886fc17fe_02447712: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_56ecd3d9e4d408e4a40a619dc1e2577a55f652b_02208cf3: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_56ecd3d9e4d408e4a40a619dc1e2577a55f652b_024480b3: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_64cac67633ecb15b867334b341ce02b49804cae_02713c25: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_a21f2ec5c5a2495c3bd8c3c4322f539a534bf86_00747bd3: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_a21f2ec5c5a2495c3bd8c3c4322f539a534bf86_0234bd94: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_d6a51219bd74e97caf16b5d08ccf45d7f34363_00748574: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_Microsoft_e36d7f8dc338d3631a028ef9513ee145630a15c_01b4a331: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_4aa4776d94f5d37fe47697d98c1ecb87c69c83_01d9bbc0: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_ad5862cf9cb8062bb90cf7a14e4dfa80f63da5_01d9c58f: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_db2da5bd487531e8599971d9a44f230fb5935b0_01d9cf4f: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_e7ae7ad5722ef512ded69c6d940fc17cc3ccfae_0209138f: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_e7ae7ad5722ef512ded69c6d940fc17cc3ccfae_094cc8e9: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_x64_e7ae7ad5722ef512ded69c6d940fc17cc3ccfae_097c9626: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppHang_rpcld_514062f5864eeaa7b59e62da978e714e8317c92_cab_046e278c: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows Easy Transfer\PostMigData: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows Live\Family Safety\fss.dat: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows NT\MSFax: Access is denied.


\\?\c:\\Users\BOSS-Student\Application Data: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Roaming
Substitute Name: C:\Users\BOSS-Student\AppData\Roaming

\\?\c:\\Users\BOSS-Student\Cookies: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\BOSS-Student\Local Settings: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Local
Substitute Name: C:\Users\BOSS-Student\AppData\Local

\\?\c:\\Users\BOSS-Student\My Documents: JUNCTION
Print Name : C:\Users\BOSS-Student\Documents
Substitute Name: C:\Users\BOSS-Student\Documents

\\?\c:\\Users\BOSS-Student\NetHood: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\BOSS-Student\PrintHood: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\BOSS-Student\Recent: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\BOSS-Student\SendTo: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\BOSS-Student\Start Menu: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\BOSS-Student\Templates: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\BOSS-Student\AppData\Roaming\Microsoft\Windows\Templates

.\\?\c:\\Users\BOSS-Student\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Local
Substitute Name: C:\Users\BOSS-Student\AppData\Local


Failed to open \\?\c:\\Users\BOSS-Student\AppData\Local\ElevatedDiagnostics: Access is denied.


\\?\c:\\Users\BOSS-Student\AppData\Local\History: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\BOSS-Student\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\BOSS-Student\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\BOSS-Student\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\BOSS-Student\AppData\Local\Microsoft\Windows\Temporary Internet Files

.

#15 nasdaq

  • Malware Response Team
Posted 19 December 2011 - 09:00 AM

I do not see any executable (program file) locked.

Please run ComboFix normally again.

Let me know if the problem persists with any executable file.
Try Notepad and let me know what error you get if any.



