Trouble with svchost.exe, causing Google links to redirect


  • This topic is locked
17 replies to this topic

#1 wasurenbou

  • Members
  • 9 posts
  • OFFLINE

Posted 12 March 2012 - 01:26 PM

Hi

Last night, I clicked on a link provided by Google search which redirected me to random websites and crashed my laptop. When my laptop rebooted, there was an "internet security" icon sitting on my desktop which had not been there previously. I did a system restore and then ran a full scan with both Symantec and MBAM. Symantec was able to delete everything it caught. So did MBAM. After restarting my laptop and re-running MBAM however, it kept re-catching a Trojan.Agent svchost.exe. I've restarted and re-run MBAM multiple times, but the svchost.exe never seems to go away. I'm not sure what to do.

The virus seems to only redirect links I click from a Google search. It doesn't do anything if I search from a different engine. Also, it seems it has rendered my Google Chrome unusable.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Bee at 14:06:04 on 2012-03-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.1834 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
-netsvcs
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Bee\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Bee\AppData\Roaming\Juniper Networks\UAC Host Checker\uacHostChecker.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Best Buy pc app] C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\Bee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Bee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://uacwireless.gmu.edu/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 129.174.97.3 129.174.68.227 129.174.1.3
TCP: Interfaces\{25CA22B2-B52B-443D-B389-F5138B924FE2} : DhcpNameServer = 129.174.97.3 129.174.68.227 129.174.1.3
TCP: Interfaces\{25CA22B2-B52B-443D-B389-F5138B924FE2}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{25CA22B2-B52B-443D-B389-F5138B924FE2}\4405830573 : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{25CA22B2-B52B-443D-B389-F5138B924FE2}\75869647560224F687 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{25CA22B2-B52B-443D-B389-F5138B924FE2}\E4F465147457563747 : DhcpNameServer = 10.31.149.203
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO-X64: facemoods Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
mRun-x64: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-12 652360]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-4-13 1839888]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-20 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-15 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-5-20 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys --> C:\windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys --> C:\windows\system32\DRIVERS\ssudmdm.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-12 17:33:17 20480 ----a-w- C:\windows\svchost.exe
2012-03-12 06:04:18 -------- d-----w- C:\Users\Bee\AppData\Roaming\Malwarebytes
2012-03-12 06:04:07 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-12 06:04:06 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-12 06:04:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-12 04:27:39 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\736D.tmp
2012-03-12 04:27:39 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\733D.tmp
2012-03-12 04:27:39 153088 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\733D.tmp.dat
2012-03-11 12:29:36 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\A571.tmp
2012-03-11 12:29:36 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\A570.tmp
2012-02-16 01:15:30 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-02-16 01:15:30 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-02-16 01:15:27 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-02-16 01:15:27 478208 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-02-16 01:15:25 3143168 ----a-w- C:\windows\System32\win32k.sys
2012-02-16 01:15:20 499200 ----a-w- C:\windows\System32\drivers\afd.sys
2012-02-16 01:15:00 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-02-16 01:15:00 634368 ----a-w- C:\windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-03-12 13:01:31 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-01-28 16:26:59 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-25 18:00:00 79360 ----a-w- C:\windows\SysWow64\ff_vfw.dll
2012-01-02 22:49:16 166912 ----a-w- C:\Users\Bee\AppData\Roaming\Keygen DI.exe
2011-12-21 18:14:02 151552 ----a-w- C:\windows\SysWow64\ac3acm.acm
2011-12-14 07:11:03 2308096 ----a-w- C:\windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:08:22.37 ===============




Also, I'm not sure if you need them or not, but here are some logs from MBAM as well. This was the first scan I did.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.12.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Bee :: BEE-PC [administrator]

Protection: Enabled

3/12/2012 2:05:48 AM
mbam-log-2012-03-12 (02-05-48).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 432218
Time elapsed: 1 hour(s), 30 minute(s), 42 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4108 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CYBER (Backdoor.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.Agent) -> Data: C:\Users\Bee\AppData\Roaming\WinDir\Svchost.exe -> Quarantined and deleted successfully.
HKCU\Software\Cyber|FirstExecution (Backdoor.Trace) -> Data: 16/08/2011 -- 23:45 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Bee\AppData\Local\Temp\ICReinstall_PDFCreatorSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Bee\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)



This is the log from the last MBAM scan I ran.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.12.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Bee :: BEE-PC [administrator]

Protection: Enabled

3/12/2012 12:42:54 PM
mbam-log-2012-03-12 (12-42-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191963
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4840 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)




And this is the protection log.

2012/03/12 02:04:54 -0400 BEE-PC Bee MESSAGE Starting protection
2012/03/12 02:04:56 -0400 BEE-PC Bee MESSAGE Protection started successfully
2012/03/12 02:04:59 -0400 BEE-PC Bee MESSAGE Starting IP protection
2012/03/12 02:05:01 -0400 BEE-PC Bee MESSAGE IP Protection started successfully
2012/03/12 02:05:40 -0400 BEE-PC Bee IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 51798, Process: svchost.exe)
2012/03/12 02:06:00 -0400 BEE-PC Bee IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 51861, Process: svchost.exe)
2012/03/12 02:06:01 -0400 BEE-PC Bee IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 51862, Process: svchost.exe)
2012/03/12 02:07:15 -0400 BEE-PC Bee IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 52140, Process: svchost.exe)
2012/03/12 02:08:04 -0400 BEE-PC Bee IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 52191, Process: svchost.exe)
2012/03/12 02:11:11 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 57906, Process: svchost.exe)
2012/03/12 02:12:57 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 58010, Process: svchost.exe)
2012/03/12 02:14:10 -0400 BEE-PC Bee IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 58058, Process: svchost.exe)
2012/03/12 02:14:18 -0400 BEE-PC Bee IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 58083, Process: svchost.exe)
2012/03/12 02:15:48 -0400 BEE-PC Bee IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 58187, Process: svchost.exe)
2012/03/12 02:18:48 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 58450, Process: svchost.exe)
2012/03/12 02:19:05 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 58473, Process: svchost.exe)
2012/03/12 02:21:47 -0400 BEE-PC Bee IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 58658, Process: svchost.exe)
2012/03/12 02:23:34 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 59105, Process: svchost.exe)
2012/03/12 02:26:01 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 59585, Process: svchost.exe)
2012/03/12 02:27:22 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 59778, Process: svchost.exe)
2012/03/12 02:29:24 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60134, Process: svchost.exe)
2012/03/12 02:29:41 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60177, Process: svchost.exe)
2012/03/12 02:30:29 -0400 BEE-PC Bee IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 60277, Process: svchost.exe)
2012/03/12 02:31:02 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60310, Process: svchost.exe)
2012/03/12 02:31:34 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60364, Process: svchost.exe)
2012/03/12 02:32:40 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60467, Process: svchost.exe)
2012/03/12 02:32:56 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60470, Process: svchost.exe)
2012/03/12 02:34:25 -0400 BEE-PC Bee IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 60531, Process: svchost.exe)
2012/03/12 02:34:58 -0400 BEE-PC Bee IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 60533, Process: svchost.exe)
2012/03/12 02:37:40 -0400 BEE-PC Bee IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 60700, Process: svchost.exe)
2012/03/12 03:26:07 -0400 BEE-PC Bee IP-BLOCK 141.136.16.150 (Type: outgoing, Port: 60762, Process: svchost.exe)
2012/03/12 03:26:27 -0400 BEE-PC Bee DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/03/12 12:38:30 -0400 BEE-PC Bee MESSAGE Starting protection
2012/03/12 12:38:32 -0400 BEE-PC Bee MESSAGE Protection started successfully
2012/03/12 12:38:35 -0400 BEE-PC Bee MESSAGE Starting IP protection
2012/03/12 12:38:36 -0400 BEE-PC Bee MESSAGE IP Protection started successfully
2012/03/12 12:38:43 -0400 BEE-PC Bee IP-BLOCK 141.136.16.151 (Type: outgoing, Port: 49165, Process: svchost.exe)
2012/03/12 12:39:15 -0400 BEE-PC Bee IP-BLOCK 141.136.16.151 (Type: incoming, Port: 49165, Process: svchost.exe)
2012/03/12 12:39:40 -0400 BEE-PC Bee IP-BLOCK 141.136.16.151 (Type: incoming, Port: 49165, Process: svchost.exe)
2012/03/12 12:39:40 -0400 BEE-PC Bee IP-BLOCK 141.136.16.151 (Type: incoming, Port: 49165, Process: svchost.exe)
2012/03/12 12:40:36 -0400 BEE-PC Bee IP-BLOCK 141.136.16.151 (Type: incoming, Port: 49165, Process: svchost.exe)
2012/03/12 12:40:36 -0400 BEE-PC Bee IP-BLOCK 141.136.16.151 (Type: incoming, Port: 49165, Process: svchost.exe)
2012/03/12 12:46:55 -0400 BEE-PC Bee IP-BLOCK 141.136.16.151 (Type: incoming, Port: 49165, Process: svchost.exe)
2012/03/12 12:46:55 -0400 BEE-PC Bee IP-BLOCK 141.136.16.151 (Type: incoming, Port: 49165, Process: svchost.exe)
2012/03/12 12:48:43 -0400 BEE-PC Bee IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50028, Process: svchost.exe)
2012/03/12 12:54:59 -0400 BEE-PC Bee IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50555, Process: svchost.exe)
2012/03/12 12:55:24 -0400 BEE-PC Bee IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 50559, Process: svchost.exe)
2012/03/12 12:55:56 -0400 BEE-PC Bee IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50562, Process: svchost.exe)
2012/03/12 13:06:00 -0400 BEE-PC Bee IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51243, Process: svchost.exe)
2012/03/12 14:02:31 -0400 BEE-PC Bee MESSAGE Starting protection
2012/03/12 14:02:33 -0400 BEE-PC Bee MESSAGE Protection started successfully
2012/03/12 14:02:36 -0400 BEE-PC Bee MESSAGE Starting IP protection
2012/03/12 14:02:38 -0400 BEE-PC Bee MESSAGE IP Protection started successfully
2012/03/12 14:05:27 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51709, Process: svchost.exe)
2012/03/12 14:06:16 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51713, Process: svchost.exe)


Thanks in advance!

Edited by wasurenbou, 12 March 2012 - 02:15 PM.
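One way to triage an MBAM protection log like the one above is to parse it and flag the two things a responder looks at first: a detection of a core system binary name outside System32 (the legitimate svchost.exe lives in %SystemRoot%\System32, not in C:\Windows) and repeated blocked connections from one process to the same remote address. This is an added example in Python, not code from the thread or from Malwarebytes; the sample lines are copied from the log above plus one constructed QUARANTINE line, and the threshold, function names and the list of core binaries are assumptions.

```python
"""Triage helper for Malwarebytes (MBAM) protection-log lines (added example)."""
import ipaddress
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Core Windows binaries that always live in System32 (SysWOW64 on x64). Assumed list.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
LEGIT_DIRS = ("\\windows\\system32", "\\windows\\syswow64")

# "2012/03/12 02:32:40 -0400 BEE-PC Bee IP-BLOCK <rest>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>[A-Z-]+) (?P<rest>.*)$"
)
IPBLOCK_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+) \(Type: (?P<dir>incoming|outgoing), "
    r"Port: (?P<port>\d+), Process: (?P<proc>.+)\)$"
)
# "<path with spaces> <threat name> <ACTION>"
DETECT_RE = re.compile(r"^(?P<path>.+?) (?P<threat>\S+) (?P<action>[A-Z]+)$")


@dataclass
class Event:
    ts: str
    kind: str                      # IP-BLOCK, DETECTION, MESSAGE, ...
    text: str
    process: Optional[str] = None
    ip: Optional[str] = None
    direction: Optional[str] = None
    port: Optional[int] = None
    path: Optional[str] = None
    threat: Optional[str] = None
    action: Optional[str] = None


def parse_line(line: str) -> Optional[Event]:
    """Parse one protection-log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = Event(ts=m["ts"], kind=m["kind"], text=m["rest"])
    if ev.kind == "IP-BLOCK" and (b := IPBLOCK_RE.match(m["rest"])):
        ev.ip, ev.direction, ev.port, ev.process = b["ip"], b["dir"], int(b["port"]), b["proc"]
    elif ev.kind == "DETECTION" and (d := DETECT_RE.match(m["rest"])):
        ev.path, ev.threat, ev.action = d["path"], d["threat"], d["action"]
    return ev


def path_masquerades(path: str) -> bool:
    """True when a core system binary name sits outside its legitimate directory."""
    low = path.lower().replace("/", "\\")
    directory, _, name = low.rpartition("\\")
    return name in SYSTEM_BINARIES and not directory.endswith(LEGIT_DIRS)


def analyze(lines: List[str], min_blocks: int = 3) -> Dict[str, object]:
    """Return parsed counts plus human-readable findings for a batch of log lines."""
    events = [e for e in map(parse_line, lines) if e]
    findings: List[str] = []
    masquerade: List[str] = []
    allowed: List[str] = []
    for e in events:
        if e.kind == "DETECTION" and e.path:
            if path_masquerades(e.path):
                masquerade.append(e.path)
                findings.append(f"{e.ts} {e.threat} at {e.path}: system binary name outside System32")
            if e.action == "ALLOW":   # detection was not quarantined: still active on disk
                allowed.append(e.path)
                findings.append(f"{e.ts} detection of {e.path} was ALLOWed, not quarantined")
    blocks: Counter = Counter()
    nets: Dict[str, set] = defaultdict(set)
    for e in events:
        if e.kind == "IP-BLOCK" and e.ip and e.process:
            blocks[(e.process, e.ip)] += 1
            nets[e.process].add(str(ipaddress.ip_network(e.ip + "/24", strict=False)))
    for (proc, ip), n in blocks.items():
        if n >= min_blocks:
            findings.append(f"{proc}: {n} blocked connections to {ip}")
    return {"events": len(events), "masquerade": masquerade, "allowed": allowed,
            "blocks": dict(blocks), "networks": {p: sorted(s) for p, s in nets.items()},
            "findings": findings}


# Lines from the thread's log, plus one constructed QUARANTINE line at the end.
SAMPLE_LOG = r"""
2012/03/12 02:32:40 -0400 BEE-PC Bee IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60467, Process: svchost.exe)
2012/03/12 02:34:25 -0400 BEE-PC Bee IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 60531, Process: svchost.exe)
2012/03/12 03:26:27 -0400 BEE-PC Bee DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
2012/03/12 12:38:30 -0400 BEE-PC Bee MESSAGE Starting protection
2012/03/12 12:38:43 -0400 BEE-PC Bee IP-BLOCK 141.136.16.151 (Type: outgoing, Port: 49165, Process: svchost.exe)
2012/03/12 12:39:15 -0400 BEE-PC Bee IP-BLOCK 141.136.16.151 (Type: incoming, Port: 49165, Process: svchost.exe)
2012/03/12 12:39:40 -0400 BEE-PC Bee IP-BLOCK 141.136.16.151 (Type: incoming, Port: 49165, Process: svchost.exe)
2012/03/12 12:40:00 -0400 BEE-PC Bee DETECTION C:\Users\Bee\AppData\Local\Temp\constructed.tmp Trojan.Agent QUARANTINE
""".strip().splitlines()

if __name__ == "__main__":
    for line in analyze(SAMPLE_LOG)["findings"]:
        print(line)
```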



#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:02 PM

Posted 12 March 2012 - 03:44 PM

Good evening. :)

Download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • When prompted "Would you like to download latest Avast! virus definitions?" click No .
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully" click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be its default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

So long, and thanks for all the fish.


#3 wasurenbou
  • Topic Starter

  • Members
  • 9 posts
  • Local time:11:02 AM

Posted 12 March 2012 - 04:01 PM

Thank you for the quick response! Here's the log.



aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-12 16:49:57
-----------------------------
16:49:57.587 OS Version: Windows x64 6.1.7600
16:49:57.587 Number of processors: 4 586 0x2505
16:49:57.588 ComputerName: BEE-PC UserName: Bee
16:50:03.606 Initialize success
16:50:25.509 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:50:25.511 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
16:50:25.513 Device \Driver\iaStor -> MajorFunction fffffa80071065c4
16:50:25.515 Disk 0 MBR read successfully
16:50:25.517 Disk 0 MBR scan
16:50:25.520 Disk 0 Windows VISTA default MBR code
16:50:25.560 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:50:25.645 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596659 MB offset 3074048
16:50:25.678 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12320 MB offset 1225031680
16:50:25.718 Disk 0 scanning C:\windows\system32\drivers
16:50:34.358 Service scanning
16:51:29.119 Modules scanning
16:51:29.127 Disk 0 trace - called modules:
16:51:29.133 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys >>UNKNOWN [0xfffffa80071065c4]<<
16:51:29.473 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c98060]
16:51:29.477 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004c97060]
16:51:29.482 5 thpdrv.sys[fffff88001b45cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a3050]
16:51:29.493 \Driver\iaStor[0xfffffa8004b5ea50] -> IRP_MJ_CREATE -> 0xfffffa80071065c4
16:51:29.498 Scan finished successfully
16:54:38.577 Disk 0 MBR has been saved successfully to "C:\Users\Bee\Desktop\MBR.dat"
16:54:38.577 The log file has been saved successfully to "C:\Users\Bee\Desktop\aswMBR.txt"

#4 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:02 PM

Posted 12 March 2012 - 05:37 PM

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish.

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.


#5 wasurenbou
  • Topic Starter

  • Members
  • 9 posts
  • Local time:11:02 AM

Posted 12 March 2012 - 07:35 PM

After performing the prompted reboot after the scan, MBAM detected and quarantined svchost.exe. I'm not sure if the problem is gone or not, but I'm able to open Google Chrome now and so far, the Google search links haven't redirected me anywhere...

Anyway, here's the TDSSKiller log you asked for.


20:11:50.0650 6224 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
20:11:51.0300 6224 ============================================================
20:11:51.0300 6224 Current date / time: 2012/03/12 20:11:51.0300
20:11:51.0300 6224 SystemInfo:
20:11:51.0300 6224
20:11:51.0300 6224 OS Version: 6.1.7600 ServicePack: 0.0
20:11:51.0300 6224 Product type: Workstation
20:11:51.0300 6224 ComputerName: BEE-PC
20:11:51.0300 6224 UserName: Bee
20:11:51.0300 6224 Windows directory: C:\windows
20:11:51.0300 6224 System windows directory: C:\windows
20:11:51.0300 6224 Running under WOW64
20:11:51.0300 6224 Processor architecture: Intel x64
20:11:51.0300 6224 Number of processors: 4
20:11:51.0300 6224 Page size: 0x1000
20:11:51.0300 6224 Boot type: Normal boot
20:11:51.0300 6224 ============================================================
20:11:51.0790 6224 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:11:51.0790 6224 \Device\Harddisk0\DR0:
20:11:51.0790 6224 MBR used
20:11:51.0790 6224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48D59800
20:11:51.0820 6224 Initialize success
20:11:51.0820 6224 ============================================================
20:12:15.0907 6180 ============================================================
20:12:15.0907 6180 Scan started
20:12:15.0907 6180 Mode: Manual; SigCheck; TDLFS;
20:12:15.0907 6180 ============================================================
20:12:52.0475 6180 Sftredir - ok
20:12:52.0565 6180 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
20:12:52.0585 6180 Sftvol - ok
20:12:52.0695 6180 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:12:52.0725 6180 SiSRaid2 - ok
20:12:52.0790 6180 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
20:12:52.0806 6180 SiSRaid4 - ok
20:12:53.0024 6180 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:12:53.0102 6180 Smb - ok
20:12:53.0196 6180 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:12:53.0227 6180 spldr - ok
20:12:53.0336 6180 SRTSP (c0691f43ea87761b67df6384cfc30b8d) C:\windows\system32\Drivers\SRTSP64.SYS
20:12:53.0383 6180 SRTSP - ok
20:12:53.0477 6180 SRTSPL (b0304f6120848db7d7709843e2294705) C:\windows\system32\Drivers\SRTSPL64.SYS
20:12:53.0524 6180 SRTSPL - ok
20:12:53.0633 6180 SRTSPX (165fde7386d792efac992eea34d03bc1) C:\windows\system32\Drivers\SRTSPX64.SYS
20:12:53.0664 6180 SRTSPX - ok
20:12:53.0758 6180 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
20:12:53.0804 6180 srv - ok
20:12:53.0914 6180 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
20:12:53.0960 6180 srv2 - ok
20:12:54.0070 6180 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
20:12:54.0116 6180 srvnet - ok
20:12:54.0226 6180 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\windows\system32\DRIVERS\ssudmdm.sys
20:12:54.0272 6180 ssudmdm - ok
20:12:54.0366 6180 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
20:12:54.0397 6180 stexstor - ok
20:12:54.0506 6180 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:12:54.0538 6180 swenum - ok
20:12:54.0662 6180 SymEvent (d1f1a5e72e33d6be449f5f1f4a513dd1) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
20:12:54.0694 6180 SymEvent - ok
20:12:54.0818 6180 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
20:12:54.0850 6180 SynTP - ok
20:12:55.0006 6180 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
20:12:55.0084 6180 Tcpip - ok
20:12:55.0224 6180 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
20:12:55.0302 6180 TCPIP6 - ok
20:12:55.0380 6180 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
20:12:55.0442 6180 tcpipreg - ok
20:12:55.0536 6180 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
20:12:55.0552 6180 tdcmdpst - ok
20:12:55.0645 6180 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:12:55.0786 6180 TDPIPE - ok
20:12:55.0947 6180 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
20:12:56.0067 6180 TDTCP - ok
20:12:56.0207 6180 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
20:12:56.0277 6180 tdx - ok
20:12:56.0377 6180 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
20:12:56.0397 6180 TermDD - ok
20:12:56.0494 6180 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
20:12:56.0509 6180 Thpdrv - ok
20:12:56.0618 6180 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
20:12:56.0634 6180 Thpevm - ok
20:12:56.0774 6180 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
20:12:56.0806 6180 tos_sps64 - ok
20:12:56.0946 6180 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
20:12:57.0008 6180 tssecsrv - ok
20:12:57.0102 6180 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
20:12:57.0149 6180 tunnel - ok
20:12:57.0227 6180 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
20:12:57.0227 6180 TVALZ - ok
20:12:57.0367 6180 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
20:12:57.0367 6180 TVALZFL - ok
20:12:57.0476 6180 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:12:57.0492 6180 uagp35 - ok
20:12:57.0570 6180 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
20:12:57.0648 6180 udfs - ok
20:12:57.0757 6180 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
20:12:57.0773 6180 uliagpkx - ok
20:12:57.0882 6180 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
20:12:57.0913 6180 umbus - ok
20:12:58.0007 6180 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:12:58.0054 6180 UmPass - ok
20:12:58.0194 6180 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
20:12:58.0225 6180 usbccgp - ok
20:12:58.0319 6180 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
20:12:58.0366 6180 usbcir - ok
20:12:58.0475 6180 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
20:12:58.0506 6180 usbehci - ok
20:12:58.0646 6180 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
20:12:58.0771 6180 usbhub - ok
20:12:58.0880 6180 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
20:12:58.0958 6180 usbohci - ok
20:12:59.0286 6180 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:12:59.0458 6180 usbprint - ok
20:12:59.0567 6180 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
20:12:59.0629 6180 usbscan - ok
20:12:59.0723 6180 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:12:59.0770 6180 USBSTOR - ok
20:12:59.0910 6180 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
20:12:59.0957 6180 usbuhci - ok
20:13:00.0066 6180 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
20:13:00.0097 6180 usbvideo - ok
20:13:00.0222 6180 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
20:13:00.0253 6180 vdrvroot - ok
20:13:00.0362 6180 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:13:00.0409 6180 vga - ok
20:13:00.0487 6180 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:13:00.0581 6180 VgaSave - ok
20:13:00.0721 6180 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
20:13:00.0752 6180 vhdmp - ok
20:13:00.0893 6180 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
20:13:00.0924 6180 viaide - ok
20:13:01.0018 6180 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
20:13:01.0033 6180 volmgr - ok
20:13:01.0127 6180 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
20:13:01.0158 6180 volmgrx - ok
20:13:01.0283 6180 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
20:13:01.0314 6180 volsnap - ok
20:13:01.0423 6180 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:13:01.0470 6180 vsmraid - ok
20:13:01.0564 6180 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:13:01.0610 6180 vwifibus - ok
20:13:01.0704 6180 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:13:01.0751 6180 vwififlt - ok
20:13:01.0860 6180 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
20:13:01.0891 6180 vwifimp - ok
20:13:02.0078 6180 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:13:02.0110 6180 WacomPen - ok
20:13:02.0219 6180 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:13:02.0297 6180 WANARP - ok
20:13:02.0328 6180 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:13:02.0390 6180 Wanarpv6 - ok
20:13:02.0500 6180 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:13:02.0531 6180 Wd - ok
20:13:02.0624 6180 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:13:02.0671 6180 Wdf01000 - ok
20:13:02.0765 6180 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\windows\system32\DRIVERS\WDKMD.sys
20:13:02.0780 6180 wdkmd - ok
20:13:02.0936 6180 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:13:02.0999 6180 WfpLwf - ok
20:13:03.0124 6180 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:13:03.0155 6180 WIMMount - ok
20:13:03.0342 6180 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
20:13:03.0389 6180 WinUsb - ok
20:13:03.0514 6180 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
20:13:03.0560 6180 WmiAcpi - ok
20:13:03.0685 6180 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:13:03.0794 6180 ws2ifsl - ok
20:13:03.0888 6180 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
20:13:03.0966 6180 WudfPf - ok
20:13:04.0060 6180 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
20:13:04.0153 6180 WUDFRd - ok
20:13:04.0216 6180 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0
20:13:04.0262 6180 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:13:04.0262 6180 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:13:05.0120 6180 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:13:05.0120 6180 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:13:05.0448 6180 Boot (0x1200) (7435fd853944c7870b9c51121f2d5bbd) \Device\Harddisk0\DR0\Partition0
20:13:05.0448 6180 \Device\Harddisk0\DR0\Partition0 - ok
20:13:05.0448 6180 ============================================================
20:13:05.0448 6180 Scan finished
20:13:05.0448 6180 ============================================================
20:13:05.0464 6376 Detected object count: 3
20:13:05.0464 6376 Actual detected object count: 3
20:13:29.0676 6376 bowser ( UnsignedFile.Multi.Generic ) - skipped by user
20:13:29.0676 6376 bowser ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:13:29.0826 6376 \Device\Harddisk0\DR0\# - copied to quarantine
20:13:29.0826 6376 \Device\Harddisk0\DR0 - copied to quarantine
20:13:29.0866 6376 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:13:30.0366 6376 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:13:30.0386 6376 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:13:30.0396 6376 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:13:30.0416 6376 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:13:30.0426 6376 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:13:30.0436 6376 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:13:30.0436 6376 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:13:30.0436 6376 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:13:30.0456 6376 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:13:30.0466 6376 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:13:30.0486 6376 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:13:30.0546 6376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:13:30.0546 6376 \Device\Harddisk0\DR0 - ok
20:13:31.0266 6376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:13:31.0266 6376 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:13:31.0266 6376 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:17:22.0587 6208 Deinitialize success



I just ran another quick scan on MBAM (posting the log in case it's helpful). It's not picking anything up anymore. Symantec is still picking up and quarantining some viruses though.



Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.12.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Bee :: BEE-PC [administrator]

Protection: Enabled

3/12/2012 8:38:45 PM
mbam-log-2012-03-12 (20-38-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192681
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by wasurenbou, 12 March 2012 - 07:52 PM.


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:02 PM

Posted 13 March 2012 - 03:47 PM

Good evening. :)

Symantec is still picking up and quarantining some viruses though.

You'll need to tell me what exactly and where before I can comment. Please remember that you can see the PC but I cannot - what you don't tell me I'll have to guess, and that won't be good for either of us as I'm a lousy guesser. :crazy:

So long, and thanks for all the fish.

 

 


#7 wasurenbou

wasurenbou
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:02 AM

Posted 13 March 2012 - 05:18 PM

I'm having some trouble attaching Symantec's risk log. I'm getting a message saying I'm not permitted to upload "this type of file" (it's exported as an Excel file). I copied and pasted it below but it looks like a mess =\ Please let me know if there is some other way for me to attach the file for you.

And just as a side note, Symantec hasn't picked anything up since the Trojan.Gen.2. MBAM hasn't been picking anything up either. Google Chrome is working fine now and Google search links haven't redirected me anywhere since the last post.


Filename Risk Action Risk Type Original Location Computer User Status Current Location Primary Action Secondary Action Logged By Action Description Date and Time
DWH89E2.tmp Trojan.Gen Log only File C:\Users\Bee\AppData\Local\Temp\ BEE-PC SYSTEM Log only C:\Users\Bee\AppData\Local\Temp\ Clean security risk Quarantine Auto-Protect scan The file was left unchanged. 3/2/2012
DWH45AA.tmp Trojan.Gen Log only File C:\Users\Bee\AppData\Local\Temp\ BEE-PC SYSTEM Log only C:\Users\Bee\AppData\Local\Temp\ Clean security risk Quarantine Auto-Protect scan The file was left unchanged. 3/2/2012
rasagini.dll Trojan.Cidox!gen1 Restart Required - Cleaned File C:\Users\Bee\AppData\Local\Temp\ BEE-PC Bee Cleaned C:\Users\Bee\AppData\Local\Temp\ Restart Required - Clean security risk Restart Required - Quarantine Auto-Protect scan The file was repaired successfully. 3/7/2012
rasagini.dll Trojan.Cidox!gen1 Access Denied File C:\Users\Bee\AppData\Local\Temp\ BEE-PC Bee Infected C:\Users\Bee\AppData\Local\Temp\ Clean security risk Quarantine Auto-Protect scan 3/8/2012
rasagini.dll Trojan.Cidox!gen1 Restart Processing File C:\Users\Bee\AppData\Local\Temp\ BEE-PC Bee Infected C:\Users\Bee\AppData\Local\Temp\ Delete Leave alone (log only) Auto-Protect scan Performing Post-Reboot Risk Processing. 3/10/2012
Cookie:bee@at.atwola.com/ Tracking Cookies Deleted Trackware Cookie:bee@at.atwola.com/ BEE-PC Bee Deleted Deleted Quarantine Leave alone (log only) Manual scan The file was deleted successfully. 3/12/2012
jar_cache8226743204554728145.tmp Trojan.Maljava Log only Compressed file c:\Users\Bee\AppData\Local\Temp\ BEE-PC Bee No infected items c:\Users\Bee\AppData\Local\Temp\ Leave alone (log only) Leave alone (log only) Manual scan The file was left unchanged. 3/12/2012
jar_cache8047206919530454109.tmp Trojan.Maljava Log only Compressed file c:\Users\Bee\AppData\Local\Temp\ BEE-PC Bee No infected items c:\Users\Bee\AppData\Local\Temp\ Leave alone (log only) Leave alone (log only) Manual scan The file was left unchanged. 3/12/2012
dyasraorsbsazduvzvbfpmxq/xvmnqskqztprezobkm... Trojan.Maljava Cleaned by deletion File; Compressed file c:\Users\Bee\AppData\Local\Temp\jar_cache8226743204554728145.tmp BEE-PC Bee Deleted Deleted Clean security risk Quarantine Manual scan The file was deleted successfully. 3/12/2012
dyasraorsbsazduvzvbfpmxq/vhomwlpumhmmw.class Trojan.Maljava Cleaned by deletion File; Compressed file c:\Users\Bee\AppData\Local\Temp\jar_cache8226743204554728145.tmp BEE-PC Bee Deleted Deleted Clean security risk Quarantine Manual scan The file was deleted successfully. 3/12/2012
dyasraorsbsazduvzvbfpmxq/qdowbpxuptpvfwzhjy... Trojan.Maljava Cleaned by deletion File; Compressed file c:\Users\Bee\AppData\Local\Temp\jar_cache8226743204554728145.tmp BEE-PC Bee Deleted Deleted Clean security risk Quarantine Manual scan The file was deleted successfully. 3/12/2012
dyasraorsbsazduvzvbfpmxq/hecmzjblfmaazinlf.... Trojan.Maljava Cleaned by deletion File; Compressed file c:\Users\Bee\AppData\Local\Temp\jar_cache8226743204554728145.tmp BEE-PC Bee Deleted Deleted Clean security risk Quarantine Manual scan The file was deleted successfully. 3/12/2012
dyasraorsbsazduvzvbfpmxq/fywgxaatawvg.class Trojan.Maljava Cleaned by deletion File; Compressed file c:\Users\Bee\AppData\Local\Temp\jar_cache8226743204554728145.tmp BEE-PC Bee Deleted Deleted Clean security risk Quarantine Manual scan The file was deleted successfully. 3/12/2012
asnbhxluwvbfgtkrbtxqjro.class Trojan.Maljava Cleaned by deletion File; Compressed file c:\Users\Bee\AppData\Local\Temp\jar_cache8047206919530454109.tmp BEE-PC Bee Deleted Deleted Clean security risk Quarantine Manual scan The file was deleted successfully. 3/12/2012
jar_cache8047206919530454109.tmp Trojan.Maljava Failed File c:\Users\Bee\AppData\Local\Temp\ BEE-PC Bee Infected c:\Users\Bee\AppData\Local\Temp\ Delete Leave alone (log only) Manual scan failed 3/12/2012
jar_cache8047206919530454109.tmp Trojan.Maljava Deleted File c:\Users\Bee\AppData\Local\Temp\ BEE-PC Bee Deleted Deleted Delete Leave alone (log only) Manual scan The file was deleted successfully. 3/12/2012
jar_cache8047206919530454109.tmp Trojan.Maljava Deleted File c:\Users\Bee\AppData\Local\Temp\ BEE-PC Bee Deleted Deleted Delete Leave alone (log only) Manual scan The file was deleted successfully. 3/12/2012
jar_cache8226743204554728145.tmp Trojan.Maljava Deleted File c:\Users\Bee\AppData\Local\Temp\ BEE-PC Bee Deleted Deleted Delete Leave alone (log only) Manual scan The file was deleted successfully. 3/12/2012
jar_cache8047206919530454109.tmp Trojan.Maljava Deleted File c:\Users\Bee\AppData\Local\Temp\ BEE-PC Bee Deleted Deleted Quarantine Leave alone (log only) Manual scan The file was deleted successfully. 3/12/2012
Cookie:bee@specificclick.net/ Tracking Cookies Deleted Trackware Cookie:bee@specificclick.net/ BEE-PC Bee Deleted Deleted Quarantine Leave alone (log only) Manual scan The file was deleted successfully. 3/12/2012
l10n[1].js JS.Alescurf Quarantined File C:\Users\Bee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AII4W41I\ BEE-PC Bee Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 3/12/2012
jquery-ui-1.8.10.custom.min[1].js JS.Alescurf Quarantined File C:\Users\Bee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A2NNTO68\ BEE-PC Bee Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 3/12/2012
jquery[1].js JS.Alescurf Quarantined File C:\Users\Bee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A2NNTO68\ BEE-PC Bee Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 3/12/2012
tsk0000.dta Trojan.Gen Quarantined File C:\TDSSKiller_Quarantine\12.03.2012_20.11.51\mbr0000\tdlfs0000\ BEE-PC Bee Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 3/12/2012
tsk0000.dta Trojan Horse Quarantined File C:\TDSSKiller_Quarantine\12.03.2012_20.11.51\mbr0000\tdlfs0000\ BEE-PC Bee Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 3/12/2012
tsk0001.dta Backdoor.Pihar Cleaned by deletion File C:\TDSSKiller_Quarantine\12.03.2012_20.11.51\mbr0000\tdlfs0000\ BEE-PC Bee Deleted Deleted Clean security risk Quarantine Auto-Protect scan The file was deleted successfully. 3/12/2012
tsk0002.dta Backdoor.Pihar Cleaned by deletion File C:\TDSSKiller_Quarantine\12.03.2012_20.11.51\mbr0000\tdlfs0000\ BEE-PC Bee Deleted Deleted Clean security risk Quarantine Auto-Protect scan The file was deleted successfully. 3/12/2012
tsk0005.dta Trojan Horse Quarantined File C:\TDSSKiller_Quarantine\12.03.2012_20.11.51\mbr0000\tdlfs0000\ BEE-PC Bee Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 3/12/2012
tsk0005.dta Trojan Horse Quarantined File C:\TDSSKiller_Quarantine\12.03.2012_20.11.51\mbr0000\tdlfs0000\ BEE-PC Bee Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 3/12/2012
76B7.tmp Trojan.Gen.2 Quarantined File C:\Users\Bee\AppData\Local\Temp\ BEE-PC SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 3/12/2012

#8 wasurenbou

wasurenbou
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:02 AM

Posted 13 March 2012 - 08:18 PM

Spoke too soon =\ Symantec is catching some more Trojan.Gens. It will only log them though.

#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:02 PM

Posted 14 March 2012 - 03:49 PM

Good evening. :)

Start by running TDSSKiller again and have it delete everything that it finds and post the resulting log.

So long, and thanks for all the fish.

 

 


#10 wasurenbou

wasurenbou
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:02 AM

Posted 14 March 2012 - 07:41 PM

Here's the updated TDSSKiller log.


20:15:16.0248 7008 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
20:15:16.0488 7008 ============================================================
20:15:16.0488 7008 Current date / time: 2012/03/14 20:15:16.0488
20:15:16.0488 7008 SystemInfo:
20:15:16.0488 7008
20:15:16.0489 7008 OS Version: 6.1.7600 ServicePack: 0.0
20:15:16.0489 7008 Product type: Workstation
20:15:16.0489 7008 ComputerName: BEE-PC
20:15:16.0489 7008 UserName: Bee
20:15:16.0489 7008 Windows directory: C:\windows
20:15:16.0489 7008 System windows directory: C:\windows
20:15:16.0489 7008 Running under WOW64
20:15:16.0489 7008 Processor architecture: Intel x64
20:15:16.0489 7008 Number of processors: 4
20:15:16.0489 7008 Page size: 0x1000
20:15:16.0489 7008 Boot type: Normal boot
20:15:16.0489 7008 ============================================================
20:15:19.0018 7008 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:15:19.0028 7008 \Device\Harddisk0\DR0:
20:15:19.0028 7008 MBR used
20:15:19.0028 7008 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48D59800
20:15:19.0118 7008 Initialize success
20:15:19.0118 7008 ============================================================
20:15:26.0609 12212 ============================================================
20:15:26.0609 12212 Scan started
20:15:26.0609 12212 Mode: Manual; SigCheck; TDLFS;
20:15:26.0609 12212 ============================================================
20:15:33.0270 12212 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
20:15:33.0317 12212 bowser ( UnsignedFile.Multi.Generic ) - warning
20:15:33.0317 12212 bowser - detected UnsignedFile.Multi.Generic (1)
20:15:39.0073 12212 fastfat - ok
20:15:39.0167 12212 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
20:15:39.0198 12212 fdc - ok
20:15:39.0307 12212 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:15:39.0354 12212 FileInfo - ok
20:15:39.0416 12212 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:15:39.0572 12212 Filetrace - ok
20:15:39.0666 12212 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
20:15:39.0713 12212 flpydisk - ok
20:15:39.0806 12212 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
20:15:39.0853 12212 FltMgr - ok
20:15:39.0947 12212 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:15:39.0962 12212 FsDepends - ok
20:15:40.0072 12212 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
20:15:40.0103 12212 Fs_Rec - ok
20:15:40.0196 12212 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
20:15:40.0228 12212 fvevol - ok
20:15:40.0337 12212 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
20:15:40.0352 12212 gagp30kx - ok
20:15:40.0477 12212 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:15:40.0524 12212 hcw85cir - ok
20:15:40.0649 12212 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
20:15:40.0696 12212 HdAudAddService - ok
20:15:40.0820 12212 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
20:15:40.0883 12212 HDAudBus - ok
20:15:40.0992 12212 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
20:15:41.0008 12212 HECIx64 - ok
20:15:41.0086 12212 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
20:15:41.0132 12212 HidBatt - ok
20:15:41.0226 12212 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
20:15:41.0273 12212 HidBth - ok
20:15:41.0382 12212 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
20:15:41.0413 12212 HidIr - ok
20:15:41.0522 12212 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
20:15:41.0632 12212 HidUsb - ok
20:15:41.0756 12212 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
20:15:41.0788 12212 HpSAMD - ok
20:15:41.0897 12212 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
20:15:41.0990 12212 HTTP - ok
20:15:42.0100 12212 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
20:15:42.0115 12212 hwpolicy - ok
20:15:42.0240 12212 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
20:15:42.0271 12212 i8042prt - ok
20:15:42.0380 12212 iaStor (85977cd13fc16069ce0af7943a811775) C:\windows\system32\DRIVERS\iaStor.sys
20:15:42.0412 12212 iaStor - ok
20:15:42.0505 12212 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
20:15:42.0568 12212 iaStorV - ok
20:15:42.0848 12212 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\windows\system32\DRIVERS\igdkmd64.sys
20:15:43.0160 12212 igfx - ok
20:15:43.0270 12212 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
20:15:43.0285 12212 iirsp - ok
20:15:43.0379 12212 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
20:15:43.0441 12212 Impcd - ok
20:15:43.0613 12212 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\windows\system32\drivers\RTKVHD64.sys
20:15:43.0691 12212 IntcAzAudAddService - ok
20:15:43.0784 12212 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\windows\system32\DRIVERS\IntcDAud.sys
20:15:43.0878 12212 IntcDAud - ok
20:15:43.0972 12212 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
20:15:43.0987 12212 intelide - ok
20:15:44.0096 12212 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:15:44.0159 12212 intelppm - ok
20:15:44.0268 12212 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:15:44.0362 12212 IpFilterDriver - ok
20:15:44.0455 12212 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
20:15:44.0502 12212 IPMIDRV - ok
20:15:44.0596 12212 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:15:44.0674 12212 IPNAT - ok
20:15:44.0783 12212 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:15:44.0845 12212 IRENUM - ok
20:15:44.0970 12212 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
20:15:45.0017 12212 isapnp - ok
20:15:45.0126 12212 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
20:15:45.0157 12212 iScsiPrt - ok
20:15:45.0251 12212 JMCR (19496fe93696c929392f1595ed1f8bb3) C:\windows\system32\DRIVERS\jmcr.sys
20:15:45.0266 12212 JMCR - ok
20:15:45.0360 12212 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
20:15:45.0391 12212 kbdclass - ok
20:15:45.0469 12212 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
20:15:45.0532 12212 kbdhid - ok
20:15:45.0641 12212 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
20:15:45.0656 12212 KSecDD - ok
20:15:45.0750 12212 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
20:15:45.0781 12212 KSecPkg - ok
20:15:45.0890 12212 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:15:45.0984 12212 ksthunk - ok
20:15:46.0109 12212 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:15:46.0202 12212 lltdio - ok
20:15:46.0343 12212 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys
20:15:46.0358 12212 LPCFilter - ok
20:15:46.0452 12212 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
20:15:46.0483 12212 LSI_FC - ok
20:15:46.0577 12212 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
20:15:46.0608 12212 LSI_SAS - ok
20:15:46.0702 12212 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:15:46.0733 12212 LSI_SAS2 - ok
20:15:46.0826 12212 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:15:46.0842 12212 LSI_SCSI - ok
20:15:46.0920 12212 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:15:46.0998 12212 luafv - ok
20:15:47.0138 12212 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
20:15:47.0154 12212 MBAMProtector - ok
20:15:47.0263 12212 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
20:15:47.0294 12212 megasas - ok
20:15:47.0404 12212 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
20:15:47.0435 12212 MegaSR - ok
20:15:47.0513 12212 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:15:47.0606 12212 Modem - ok
20:15:47.0716 12212 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:15:47.0778 12212 monitor - ok
20:15:47.0887 12212 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:15:47.0903 12212 mouclass - ok
20:15:48.0012 12212 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:15:48.0059 12212 mouhid - ok
20:15:48.0168 12212 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
20:15:48.0184 12212 mountmgr - ok
20:15:48.0277 12212 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
20:15:48.0324 12212 mpio - ok
20:15:48.0402 12212 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:15:48.0480 12212 mpsdrv - ok
20:15:48.0574 12212 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
20:15:48.0636 12212 MRxDAV - ok
20:15:48.0714 12212 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
20:15:48.0776 12212 mrxsmb - ok
20:15:48.0870 12212 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:15:48.0917 12212 mrxsmb10 - ok
20:15:48.0995 12212 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:15:49.0073 12212 mrxsmb20 - ok
20:15:49.0151 12212 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\windows\system32\DRIVERS\msahci.sys
20:15:49.0166 12212 msahci - ok
20:15:49.0244 12212 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
20:15:49.0276 12212 msdsm - ok
20:15:49.0385 12212 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:15:49.0447 12212 Msfs - ok
20:15:49.0541 12212 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:15:49.0634 12212 mshidkmdf - ok
20:15:49.0712 12212 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
20:15:49.0744 12212 msisadrv - ok
20:15:49.0853 12212 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:15:49.0946 12212 MSKSSRV - ok
20:15:50.0040 12212 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:15:50.0102 12212 MSPCLOCK - ok
20:15:50.0180 12212 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:15:50.0290 12212 MSPQM - ok
20:15:50.0383 12212 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
20:15:50.0414 12212 MsRPC - ok
20:15:50.0492 12212 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
20:15:50.0524 12212 mssmbios - ok
20:15:50.0602 12212 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:15:50.0695 12212 MSTEE - ok
20:15:50.0773 12212 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
20:15:50.0820 12212 MTConfig - ok
20:15:50.0898 12212 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:15:50.0929 12212 Mup - ok
20:15:51.0038 12212 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:15:51.0101 12212 NativeWifiP - ok
20:15:51.0257 12212 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120313.002\ENG64.SYS
20:15:51.0272 12212 NAVENG - ok
20:15:51.0475 12212 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120313.002\EX64.SYS
20:15:51.0538 12212 NAVEX15 - ok
20:15:51.0662 12212 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
20:15:51.0725 12212 NDIS - ok
20:15:51.0818 12212 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:15:51.0881 12212 NdisCap - ok
20:15:51.0959 12212 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:15:52.0052 12212 NdisTapi - ok
20:15:52.0130 12212 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
20:15:52.0208 12212 Ndisuio - ok
20:15:52.0286 12212 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
20:15:52.0364 12212 NdisWan - ok
20:15:52.0458 12212 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
20:15:52.0552 12212 NDProxy - ok
20:15:52.0645 12212 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:15:52.0723 12212 NetBIOS - ok
20:15:52.0817 12212 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
20:15:52.0910 12212 NetBT - ok
20:15:53.0238 12212 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\windows\system32\DRIVERS\NETwNs64.sys
20:15:53.0519 12212 NETwNs64 - ok
20:15:53.0628 12212 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
20:15:53.0644 12212 nfrd960 - ok
20:15:53.0753 12212 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:15:53.0815 12212 Npfs - ok
20:15:53.0924 12212 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:15:54.0002 12212 nsiproxy - ok
20:15:54.0127 12212 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
20:15:54.0190 12212 Ntfs - ok
20:15:54.0268 12212 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:15:54.0330 12212 Null - ok
20:15:54.0424 12212 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
20:15:54.0470 12212 nvraid - ok
20:15:54.0564 12212 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
20:15:54.0580 12212 nvstor - ok
20:15:54.0689 12212 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
20:15:54.0704 12212 nv_agp - ok
20:15:54.0798 12212 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
20:15:54.0829 12212 ohci1394 - ok
20:15:54.0938 12212 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
20:15:54.0970 12212 Parport - ok
20:15:55.0063 12212 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
20:15:55.0079 12212 partmgr - ok
20:15:55.0172 12212 pci (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys
20:15:55.0188 12212 pci - ok
20:15:55.0282 12212 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
20:15:55.0297 12212 pciide - ok
20:15:55.0391 12212 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
20:15:55.0422 12212 pcmcia - ok
20:15:55.0500 12212 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:15:55.0531 12212 pcw - ok
20:15:55.0625 12212 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:15:55.0718 12212 PEAUTH - ok
20:15:55.0812 12212 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
20:15:55.0874 12212 PGEffect - ok
20:15:55.0968 12212 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
20:15:56.0062 12212 PptpMiniport - ok
20:15:56.0140 12212 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
20:15:56.0202 12212 Processor - ok
20:15:56.0311 12212 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
20:15:56.0389 12212 Psched - ok
20:15:56.0545 12212 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
20:15:56.0608 12212 ql2300 - ok
20:15:56.0717 12212 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
20:15:56.0748 12212 ql40xx - ok
20:15:56.0810 12212 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:15:56.0888 12212 QWAVEdrv - ok
20:15:57.0029 12212 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:15:57.0107 12212 RasAcd - ok
20:15:57.0419 12212 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:15:57.0481 12212 RasAgileVpn - ok
20:15:57.0684 12212 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
20:15:57.0778 12212 Rasl2tp - ok
20:15:58.0121 12212 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:15:58.0230 12212 RasPppoe - ok
20:15:58.0324 12212 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:15:58.0402 12212 RasSstp - ok
20:15:58.0495 12212 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
20:15:58.0589 12212 rdbss - ok
20:15:58.0667 12212 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
20:15:58.0729 12212 rdpbus - ok
20:15:58.0838 12212 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:15:58.0901 12212 RDPCDD - ok
20:15:58.0994 12212 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:15:59.0072 12212 RDPENCDD - ok
20:15:59.0150 12212 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:15:59.0213 12212 RDPREFMP - ok
20:15:59.0306 12212 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
20:15:59.0384 12212 RDPWD - ok
20:15:59.0478 12212 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\windows\system32\drivers\rdyboost.sys
20:15:59.0509 12212 rdyboost - ok
20:15:59.0618 12212 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:15:59.0696 12212 rspndr - ok
20:15:59.0806 12212 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys
20:15:59.0821 12212 RTL8167 - ok
20:15:59.0915 12212 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
20:15:59.0930 12212 sbp2port - ok
20:16:00.0024 12212 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
20:16:00.0102 12212 scfilter - ok
20:16:00.0196 12212 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys
20:16:00.0274 12212 sdbus - ok
20:16:00.0367 12212 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:16:00.0445 12212 secdrv - ok
20:16:00.0539 12212 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
20:16:00.0586 12212 Serenum - ok
20:16:00.0679 12212 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
20:16:00.0710 12212 Serial - ok
20:16:00.0804 12212 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
20:16:00.0835 12212 sermouse - ok
20:16:00.0944 12212 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
20:16:00.0991 12212 sffdisk - ok
20:16:01.0085 12212 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
20:16:01.0147 12212 sffp_mmc - ok
20:16:01.0288 12212 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
20:16:01.0319 12212 sffp_sd - ok
20:16:01.0412 12212 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
20:16:01.0444 12212 sfloppy - ok
20:16:01.0568 12212 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
20:16:01.0615 12212 Sftfs - ok
20:16:01.0724 12212 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
20:16:01.0740 12212 Sftplay - ok
20:16:01.0849 12212 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
20:16:01.0865 12212 Sftredir - ok
20:16:01.0943 12212 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
20:16:01.0974 12212 Sftvol - ok
20:16:02.0083 12212 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:16:02.0099 12212 SiSRaid2 - ok
20:16:02.0192 12212 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
20:16:02.0208 12212 SiSRaid4 - ok
20:16:02.0317 12212 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:16:02.0364 12212 Smb - ok
20:16:02.0473 12212 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:16:02.0504 12212 spldr - ok
20:16:02.0598 12212 SRTSP (c0691f43ea87761b67df6384cfc30b8d) C:\windows\system32\Drivers\SRTSP64.SYS
20:16:02.0629 12212 SRTSP - ok
20:16:02.0738 12212 SRTSPL (b0304f6120848db7d7709843e2294705) C:\windows\system32\Drivers\SRTSPL64.SYS
20:16:02.0785 12212 SRTSPL - ok
20:16:02.0863 12212 SRTSPX (165fde7386d792efac992eea34d03bc1) C:\windows\system32\Drivers\SRTSPX64.SYS
20:16:02.0894 12212 SRTSPX - ok
20:16:02.0988 12212 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
20:16:03.0050 12212 srv - ok
20:16:03.0144 12212 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
20:16:03.0206 12212 srv2 - ok
20:16:03.0300 12212 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
20:16:03.0362 12212 srvnet - ok
20:16:03.0487 12212 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\windows\system32\DRIVERS\ssudmdm.sys
20:16:03.0503 12212 ssudmdm - ok
20:16:03.0596 12212 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
20:16:03.0612 12212 stexstor - ok
20:16:03.0721 12212 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:16:03.0737 12212 swenum - ok
20:16:03.0862 12212 SymEvent (d1f1a5e72e33d6be449f5f1f4a513dd1) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
20:16:03.0877 12212 SymEvent - ok
20:16:04.0002 12212 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
20:16:04.0033 12212 SynTP - ok
20:16:04.0205 12212 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
20:16:04.0267 12212 Tcpip - ok
20:16:04.0408 12212 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
20:16:04.0454 12212 TCPIP6 - ok
20:16:04.0532 12212 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
20:16:04.0595 12212 tcpipreg - ok
20:16:04.0704 12212 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
20:16:04.0720 12212 tdcmdpst - ok
20:16:04.0798 12212 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:16:04.0876 12212 TDPIPE - ok
20:16:04.0954 12212 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
20:16:05.0032 12212 TDTCP - ok
20:16:05.0125 12212 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
20:16:05.0219 12212 tdx - ok
20:16:05.0312 12212 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
20:16:05.0328 12212 TermDD - ok
20:16:05.0437 12212 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
20:16:05.0468 12212 Thpdrv - ok
20:16:05.0578 12212 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
20:16:05.0593 12212 Thpevm - ok
20:16:05.0734 12212 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
20:16:05.0780 12212 tos_sps64 - ok
20:16:05.0858 12212 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
20:16:05.0921 12212 tssecsrv - ok
20:16:06.0046 12212 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
20:16:06.0108 12212 tunnel - ok
20:16:06.0186 12212 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
20:16:06.0217 12212 TVALZ - ok
20:16:06.0295 12212 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
20:16:06.0311 12212 TVALZFL - ok
20:16:06.0404 12212 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:16:06.0436 12212 uagp35 - ok
20:16:06.0514 12212 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
20:16:06.0607 12212 udfs - ok
20:16:06.0716 12212 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
20:16:06.0748 12212 uliagpkx - ok
20:16:06.0841 12212 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
20:16:06.0904 12212 umbus - ok
20:16:07.0013 12212 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:16:07.0044 12212 UmPass - ok
20:16:07.0184 12212 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
20:16:07.0247 12212 usbccgp - ok
20:16:07.0325 12212 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
20:16:07.0387 12212 usbcir - ok
20:16:07.0481 12212 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
20:16:07.0528 12212 usbehci - ok
20:16:07.0637 12212 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
20:16:07.0684 12212 usbhub - ok
20:16:07.0762 12212 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
20:16:07.0808 12212 usbohci - ok
20:16:07.0918 12212 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:16:07.0964 12212 usbprint - ok
20:16:08.0058 12212 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
20:16:08.0120 12212 usbscan - ok
20:16:08.0198 12212 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:16:08.0261 12212 USBSTOR - ok
20:16:08.0354 12212 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
20:16:08.0386 12212 usbuhci - ok
20:16:08.0495 12212 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
20:16:08.0542 12212 usbvideo - ok
20:16:08.0651 12212 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
20:16:08.0666 12212 vdrvroot - ok
20:16:08.0791 12212 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:16:08.0822 12212 vga - ok
20:16:08.0900 12212 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:16:08.0978 12212 VgaSave - ok
20:16:09.0072 12212 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
20:16:09.0103 12212 vhdmp - ok
20:16:09.0181 12212 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
20:16:09.0212 12212 viaide - ok
20:16:09.0290 12212 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
20:16:09.0322 12212 volmgr - ok
20:16:09.0509 12212 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
20:16:09.0524 12212 volmgrx - ok
20:16:09.0634 12212 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
20:16:09.0649 12212 volsnap - ok
20:16:09.0758 12212 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:16:09.0790 12212 vsmraid - ok
20:16:09.0883 12212 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:16:09.0930 12212 vwifibus - ok
20:16:10.0024 12212 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:16:10.0070 12212 vwififlt - ok
20:16:10.0164 12212 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
20:16:10.0195 12212 vwifimp - ok
20:16:10.0304 12212 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:16:10.0351 12212 WacomPen - ok
20:16:10.0460 12212 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:16:10.0538 12212 WANARP - ok
20:16:10.0570 12212 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:16:10.0601 12212 Wanarpv6 - ok
20:16:10.0710 12212 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:16:10.0726 12212 Wd - ok
20:16:10.0835 12212 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:16:10.0866 12212 Wdf01000 - ok
20:16:10.0944 12212 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\windows\system32\DRIVERS\WDKMD.sys
20:16:10.0975 12212 wdkmd - ok
20:16:11.0084 12212 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:16:11.0147 12212 WfpLwf - ok
20:16:11.0240 12212 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:16:11.0272 12212 WIMMount - ok
20:16:11.0428 12212 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
20:16:11.0490 12212 WinUsb - ok
20:16:11.0599 12212 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
20:16:11.0646 12212 WmiAcpi - ok
20:16:11.0755 12212 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:16:11.0849 12212 ws2ifsl - ok
20:16:11.0942 12212 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
20:16:12.0020 12212 WudfPf - ok
20:16:12.0114 12212 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
20:16:12.0192 12212 WUDFRd - ok
20:16:12.0239 12212 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:16:13.0081 12212 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:16:13.0081 12212 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:16:13.0112 12212 Boot (0x1200) (7435fd853944c7870b9c51121f2d5bbd) \Device\Harddisk0\DR0\Partition0
20:16:13.0128 12212 \Device\Harddisk0\DR0\Partition0 - ok
20:16:13.0128 12212 ============================================================
20:16:13.0128 12212 Scan finished
20:16:13.0128 12212 ============================================================
20:16:13.0128 5148 Detected object count: 2
20:16:13.0128 5148 Actual detected object count: 2
20:17:28.0165 5148 C:\windows\system32\DRIVERS\bowser.sys - copied to quarantine
20:17:28.0212 5148 HKLM\SYSTEM\ControlSet001\services\bowser - will be deleted on reboot
20:17:28.0212 5148 HKLM\SYSTEM\ControlSet001\control\safeboot\Network\bowser - will be deleted on reboot
20:17:28.0243 5148 HKLM\SYSTEM\ControlSet002\services\bowser - will be deleted on reboot
20:17:28.0258 5148 HKLM\SYSTEM\ControlSet002\control\safeboot\Network\bowser - will be deleted on reboot
20:17:28.0258 5148 C:\windows\system32\DRIVERS\bowser.sys - will be deleted on reboot
20:17:28.0258 5148 bowser ( UnsignedFile.Multi.Generic ) - User select action: Delete
20:17:28.0648 5148 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:17:28.0773 5148 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:17:29.0070 5148 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:17:29.0085 5148 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:17:29.0304 5148 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:17:29.0335 5148 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:17:29.0460 5148 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:17:29.0475 5148 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:17:29.0475 5148 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:17:29.0491 5148 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:17:29.0553 5148 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:17:29.0709 5148 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:17:29.0725 5148 \Device\Harddisk0\DR0\TDLFS - deleted
20:17:29.0725 5148 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
20:17:32.0611 11736 Deinitialize success




Also, here's yet another log from a quick scan I did with MBAM after the reboot. It seems like svchost.exe and the internet security are back. (Please let me know if you don't need any more MBAM logs. I'm just posting them because I'm not sure if you need them or not.)


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Bee :: BEE-PC [administrator]

Protection: Enabled

3/14/2012 8:30:28 PM
mbam-log-2012-03-14 (20-30-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192684
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.Agent) -> Data: C:\Users\Bee\AppData\Roaming\WinDir\Svchost.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Bee\AppData\Local\Temp\6E3E.tmp (Rogue.InternetSecurity) -> Quarantined and deleted successfully.

(end)


EDIT: The svchost.exe Trojan.Agent came back after the reboot that was prompted by MBAM.

Edited by wasurenbou, 14 March 2012 - 08:01 PM.
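The two logs above point at two autostart locations worth checking on any Windows box: a Run value under HKCU launching a file named Svchost.exe from a user-writable folder (the genuine svchost.exe lives only in %SystemRoot%\System32 and %SystemRoot%\SysWOW64), and a kernel driver service (bowser.sys) whose image TDSSKiller reported as an unsigned file. The PowerShell below is an added triage script, not part of this thread and not one of the tools the helper prescribes; the list of system binary names and the registry keys it walks are this example's own choices, and it only reports, it does not delete anything.

```powershell
# Added example (not from the thread): report autostart entries of the two
# kinds the logs above show. Run it from an elevated PowerShell prompt.
#   1. Run/RunOnce values whose binary carries a Windows system name
#      (svchost.exe, explorer.exe, ...) but lives outside %SystemRoot%.
#   2. Kernel driver services whose image file lacks a valid Authenticode
#      signature or is missing from disk.

# Names that should only ever start from %SystemRoot% (example's own list).
$systemNames = 'svchost.exe', 'explorer.exe', 'csrss.exe', 'lsass.exe', 'winlogon.exe'
$systemRoot  = $env:SystemRoot   # normally C:\Windows

function Get-RunKeyEntries {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Get-ImagePathFromCommand([string]$cmd) {
    # Strip quotes and arguments: handles "C:\path\x.exe" /arg and C:\path\x.exe /arg.
    $cmd = $cmd.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { $cmd = $cmd.Substring(1, $end - 1) } 
    } else {
        $cmd = ($cmd -split '\s+')[0]
    }
    return [Environment]::ExpandEnvironmentVariables($cmd)
}

# 1. Run-key entries masquerading as system binaries
$suspiciousRun = Get-RunKeyEntries | ForEach-Object {
    $image = Get-ImagePathFromCommand $_.Command
    $leaf  = [System.IO.Path]::GetFileName($image)
    # -contains compares case-insensitively, so Svchost.exe matches svchost.exe
    if (($systemNames -contains $leaf) -and
        -not $image.StartsWith($systemRoot, [System.StringComparison]::OrdinalIgnoreCase)) {
        [pscustomobject]@{ Key = $_.Key; Name = $_.Name; Image = $image
                           Reason = 'system binary name outside %SystemRoot%' }
    }
}

# 2. Driver services whose image is missing or fails Authenticode verification
$suspiciousDrivers = Get-CimInstance Win32_SystemDriver | ForEach-Object {
    $path = $_.PathName
    if (-not $path) { return }
    # WMI reports some paths in NT form (\SystemRoot\..., \??\C:\...); normalise them.
    $path = $path -replace '^\\SystemRoot', $systemRoot -replace '^\\\?\?\\', ''
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Service = $_.Name; Image = $path; Status = 'image file missing' }
        return
    }
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($sig.Status -ne 'Valid') {
        [pscustomobject]@{ Service = $_.Name; Image = $path; Status = $sig.Status }
    }
}

"== Run-key entries with a system binary name outside $systemRoot =="
$suspiciousRun | Format-Table -AutoSize
"== Driver services without a valid Authenticode signature =="
$suspiciousDrivers | Format-Table -AutoSize
```

One caveat on the driver check: on Windows 7 era PowerShell, Get-AuthenticodeSignature does not consult security catalogs, so many legitimate Microsoft drivers that are catalog-signed rather than embedded-signed will also show as NotSigned. Treat that list as a starting point to compare against a known-good machine or the hashes a tool like TDSSKiller prints, not as a verdict on its own; the Run-key check has no such ambiguity, since nothing legitimate launches an svchost.exe from a profile directory.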


#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:02 PM

Posted 15 March 2012 - 03:21 PM

Good evening. :)

Download Junction.zip by Mark Russinovich from here and save it to your Desktop - you'll need to unzip this one as well.

  • Copy and paste the file junction.exe into the Windows directory (C:\Windows).
  • Go to Start > Run..., copy the following into the textbox and click OK:

    • cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
  • A Command Window will open and the tool will start scanning.
  • When it's done, a text file called log.txt will appear - I'd like a copy of that in your next reply.

So long, and thanks for all the fish.


#12 wasurenbou

wasurenbou
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:02 AM

Posted 16 March 2012 - 08:59 AM

Hi Noviciate

I've copied the file into the windows directory and ran the command you told me to, but nothing happened. I can see the command window pop up for a split second before it disappears, but that's it. Nothing indicated that the tool was scanning and I couldn't find the log anywhere.

#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:02 PM

Posted 16 March 2012 - 03:47 PM

Good evening. :)

My bad! :blush: I'm still getting my head around the differences between XP and 7 after a recent upgrade and the above doesn't work on 7 - sorry.

Assuming that junction.exe is still in the Windows folder:

  • Click the Windows button in the bottom left hand corner of the screen.
  • Enter cmd in the "Search programs and files" textbox and then hit <ENTER> - this should open a Command Window.
  • Copy and paste the following into it:

    • junction -s c:\ >> "%userprofile%\desktop\jlog.txt"
  • You may need to OK the "Terms and conditions" agreement, depending on whether or not you have run the tool before.
  • While the tool is scanning you should see the cursor flashing in the Command Window. When you see the Command Prompt written to a new line, it has finished and the results will be written to the text file jlog.txt on your Desktop.
  • Please post the contents of this file in your next reply.

Hopefully this should get a better result than last time.

So long, and thanks for all the fish.
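The junction -s walk the helper asks for lists every reparse point (junction or symbolic link) under C:\ so that a redirected directory can be spotted. The same survey can be done without a third-party binary on PowerShell 5.1 or newer; the script below is an added example, not part of this thread and not the helper's tool. Its idea of where Windows 7 legitimately keeps compatibility junctions (directly under the root, under \ProgramData and throughout \Users) and its three review rules are this example's own assumptions, not a published list.

```powershell
# Added example (not from the thread): enumerate reparse points under a
# volume root, as junction.exe -s does, and flag the ones worth a look.
# Save as Get-ReparsePoints.ps1 and run from an elevated prompt; pass
# -Root with a trailing backslash, e.g. .\Get-ReparsePoints.ps1 -Root 'D:\'
param([string]$Root = 'C:\')

function Test-ExpectedLocation([string]$path) {
    # Windows 7 creates its compatibility junctions directly under the root
    # (Documents and Settings), under \ProgramData (Application Data, Desktop,
    # Start Menu, ...) and throughout \Users (each profile carries its own set).
    $parent = Split-Path -Parent $path
    return ($parent -eq $Root) -or
           ($path -like (Join-Path $Root 'Users\*')) -or
           ($path -like (Join-Path $Root 'ProgramData\*'))
}

function Get-ReparsePoints([string]$Path) {
    # -Attributes ReparsePoint needs PowerShell 3.0+; -Force includes hidden items.
    # Access-denied folders (System Volume Information, other profiles) are
    # skipped instead of aborting the walk, exactly as junction.exe reports them.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -Attributes ReparsePoint `
                  -ErrorAction SilentlyContinue | ForEach-Object {
        # .LinkType and .Target are populated on PowerShell 5.1 and newer;
        # on older versions they are empty and junction.exe or fsutil is needed.
        [pscustomobject]@{
            Path     = $_.FullName
            LinkType = $_.LinkType
            Target   = [string]($_.Target | Select-Object -First 1)
        }
    }
}

function Test-SuspiciousReparsePoint($rp) {
    $reasons = @()
    if (-not (Test-ExpectedLocation $rp.Path)) {
        $reasons += 'reparse point outside the usual compatibility locations'
    }
    if ($rp.Target) {
        # Symbolic links report their target in NT form (\??\C:\...); strip it.
        $target = $rp.Target -replace '^\\\?\?\\', ''
        if (-not (Test-Path -LiteralPath $target)) {
            $reasons += 'target does not exist'
        }
        # A system directory resolving into a profile lets a low-privilege
        # writer plant files where privileged code will later read them.
        if (($rp.Path -like (Join-Path $Root 'Windows\*')) -and
            ($target -like (Join-Path $Root 'Users\*'))) {
            $reasons += 'system path redirected into a user profile'
        }
    }
    return $reasons
}

$all = @(Get-ReparsePoints -Path $Root)
"Reparse points under ${Root}: $($all.Count)"
foreach ($rp in $all) {
    $why  = @(Test-SuspiciousReparsePoint $rp)
    $flag = if ($why.Count) { 'REVIEW' } else { 'ok' }
    '{0,-6} {1,-13} {2} -> {3}  {4}' -f $flag, $rp.LinkType, $rp.Path, $rp.Target, ($why -join '; ')
}
```

Read the output the way the helper reads jlog.txt: the entries in the log above (Documents and Settings to C:\Users, All Users to C:\ProgramData, the Desktop, Documents, Favorites, Start Menu and Templates junctions under ProgramData and All Users) all sit in expected locations and resolve to existing targets, so they print as ok; anything under C:\Windows or C:\Program Files that is a reparse point, or any link whose target has vanished, prints as REVIEW and deserves the same scrutiny the helper would give it.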


#14 wasurenbou

wasurenbou
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:02 AM

Posted 18 March 2012 - 03:25 PM

Sorry for the late response! Here's the log.



Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.



Failed to open \\?\c:\\$Recycle.Bin\S-1-5-20: Access is denied.



Failed to open \\?\c:\\$Recycle.Bin\S-1-5-21-3612376384-915294504-3741346627-500: Access is denied.


...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

..
Failed to open \\?\c:\\Program Files (x86)\Google\CrashReports: Access is denied.


.

...

...

...

...

...

.\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

.\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

.

...

..
Failed to open \\?\c:\\ProgramData\Microsoft\Windows Defender: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\Keys\f61ac652b2df76a1ddb4945a50386cb0_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\S-1-5-18: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\00909db419ca5350292ea74bb109f08e_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0897465d820d1e897851394e6c55331d_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08aea51e06557b06931720f29cd669c9_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\21b777ec214a24404be00d229ba6f840_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\26c63ec7ece52e2db0d0490e6c72824d_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3d829630a94dd7e3dbd30551f24789f8_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\466bd9649f161f0d3177e7a625453d82_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4c6f6240bf7f04e36719e7bda658760b_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b2b094e5aadf27f6c042bb556998111_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6f5de8eca0389151db2b708b488f2f0c_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7bf26f037de3e8311426cf26aedee63c_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8297b2f15d3dc640206929131b292094_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\86d2a292c070035c6e447c64ecfee44b_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8ce2d617b3cef4d5df17f520b9d119ec_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9c3905bc44e3797d7c3c63812ce9323b_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a3f884e2df3c6efef3640559f0f9c048_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ac573d31ead6eb132bfbb51eea268426_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b8e77f4d6dd91a1fb1ac52b4a9393cec_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c6bbb15c67e2f942b02fd9c7e18b1bf0_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c756ddcbd8aa4cb662d646100caedb10_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cd3240b209e4137cbee5b3167957a9c7_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\df814a9bde17f0e3ced14bee5cc8b989_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f07009ce76584f096c96b8fccc30af5c_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f3b792cb169c82ef907ff25b6cc75a2b_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc5e5d11f3de60fb598901a3246fd92c_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Network\Downloader: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Search\Data: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics: Access is denied.


.
Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_coh64.exe_208f7dcc359b5bb119830b094c6e69d1d4e721_022115b1: Access is denied.





Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_PsiService_2.exe_5cccef1aa887eb5f4b9e092c8737189ae8bd1_01f52490: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_314dba050848b59681e9c7fb2de59bda0fea8f0_02fb4513: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_00de7149: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_00f2e220: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_016f0d49: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_02382e8d: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0329f7b6: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_03a35d35: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0415b01e: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0564e5dd: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_056ef455: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_067cbb72: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_06f5114e: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0798b67e: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0889547e: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_08940286: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_092c0aa8: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0bc2881c: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0c84db4e: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0f42d196: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_10ca9731: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_12238522: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_12bf3b13: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1375ddd9: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1405c1c8: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_14123fa3: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_150face3: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1548b12a: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_16e756c9: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_16f915d1: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_17700ea2: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1bc4bc07: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1cf59d61: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1d13a6f5: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_203486aa: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_24518a5d: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_2462ad37: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_24c2b7bb: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_2b4899ae: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_2d20baac: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_2e35baad: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_3017e21a: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_32e8ee62: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_34635ef6: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_3474b59a: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_34874930: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_37f7b11e: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_38dbecda: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_39cfa980: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_3f3d9553: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_3ff2e228: Access is denied.


.
Failed to open \\?\c:\\ProgramData\Microsoft\Windows NT\MSFax: Access is denied.


.
Failed to open \\?\c:\\ProgramData\Symantec\Common Client\settings.bak: Access is denied.



Failed to open \\?\c:\\ProgramData\Symantec\Common Client\settings.dat: Access is denied.


.
Failed to open \\?\c:\\ProgramData\Symantec\SRTSP\Quarantine: Access is denied.



Failed to open \\?\c:\\ProgramData\Symantec\SRTSP\SrtETmp: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\B09FB3AA\90FCD56\ClickOnceSetup.exe: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\7AE27ED1\Translations.xml.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\AppIcon.ico.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\AppMeasurement_DotNET.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.config.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.manifest: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\BestBuySoftwareInstaller.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Common.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Common.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\CustomControls.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\FluidKit.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Interop.IWshRuntimeLibrary.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Ionic.Zip.Reduced.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Localization.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.Composite.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.Composite.Presentation.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.Composite.UnityExtensions.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.EnterpriseLibrary.Common.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.EnterpriseLibrary.Logging.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.ObjectBuilder2.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.ServiceLocation.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.Unity.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.WindowsAPICodePack.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.WindowsAPICodePack.Shell.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\pc app Installer.exe.config.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\pc app Installer.exe.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Default.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Default.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Home.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Home.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Omniture.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Omniture.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Omniture.Tests.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Update.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Update.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImageInfrastructure.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImageInfrastructure.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Restarter.exe.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\SharpBITS.Base.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\ViewModels.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\ViewModels.dll.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\B6BEAD2D\Best Buy pc app.3.0.0.0.application: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\B6BEAD2D\Best Buy pc app.application: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\B6BEAD2D\ClickOnce.htm: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\BB2F2A4E\About.rtf.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\BB2F2A4E\WelcomeScreen.rtf.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\E8FFBBDC\tempCategories.xml.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\E8FFBBDC\TranslationSchema.xsd.deploy: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\F02487F4\90FCD56\ClickOnceUninstaller.exe: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\mDown.dll\mDownExec.dll: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\mWinRun.dll\mWinRunExec.dll: Access is denied.



Failed to open \\?\c:\\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\mXML.dll\mXMLRun.dll: Access is denied.


\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



...

...
Failed to open \\?\c:\\Users\All Users\Microsoft\Windows Defender: Access is denied.





Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\Keys\f61ac652b2df76a1ddb4945a50386cb0_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\00909db419ca5350292ea74bb109f08e_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\0897465d820d1e897851394e6c55331d_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\08aea51e06557b06931720f29cd669c9_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\21b777ec214a24404be00d229ba6f840_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\26c63ec7ece52e2db0d0490e6c72824d_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3d829630a94dd7e3dbd30551f24789f8_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\466bd9649f161f0d3177e7a625453d82_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4c6f6240bf7f04e36719e7bda658760b_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6b2b094e5aadf27f6c042bb556998111_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6f5de8eca0389151db2b708b488f2f0c_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7bf26f037de3e8311426cf26aedee63c_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8297b2f15d3dc640206929131b292094_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\86d2a292c070035c6e447c64ecfee44b_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8ce2d617b3cef4d5df17f520b9d119ec_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9c3905bc44e3797d7c3c63812ce9323b_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a3f884e2df3c6efef3640559f0f9c048_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ac573d31ead6eb132bfbb51eea268426_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\b8e77f4d6dd91a1fb1ac52b4a9393cec_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c6bbb15c67e2f942b02fd9c7e18b1bf0_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c756ddcbd8aa4cb662d646100caedb10_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cd3240b209e4137cbee5b3167957a9c7_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\df814a9bde17f0e3ced14bee5cc8b989_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f07009ce76584f096c96b8fccc30af5c_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f3b792cb169c82ef907ff25b6cc75a2b_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc5e5d11f3de60fb598901a3246fd92c_83107831-0f40-419b-ba59-fc12ee870c91: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Network\Downloader: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Search\Data: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\Power Efficiency Diagnostics: Access is denied.


.
Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_coh64.exe_208f7dcc359b5bb119830b094c6e69d1d4e721_022115b1: Access is denied.


.
Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_PsiService_2.exe_5cccef1aa887eb5f4b9e092c8737189ae8bd1_01f52490: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_314dba050848b59681e9c7fb2de59bda0fea8f0_02fb4513: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_00de7149: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_00f2e220: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_016f0d49: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_02382e8d: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0329f7b6: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_03a35d35: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0415b01e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0564e5dd: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_056ef455: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_067cbb72: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_06f5114e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0798b67e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0889547e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_08940286: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_092c0aa8: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0bc2881c: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0c84db4e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_0f42d196: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_10ca9731: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_12238522: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_12bf3b13: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1375ddd9: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1405c1c8: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_14123fa3: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_150face3: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1548b12a: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_16e756c9: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_16f915d1: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_17700ea2: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1bc4bc07: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1cf59d61: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_1d13a6f5: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_203486aa: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_24518a5d: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_2462ad37: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_24c2b7bb: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_2b4899ae: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_2d20baac: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_2e35baad: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_3017e21a: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_32e8ee62: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_34635ef6: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_3474b59a: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_34874930: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_37f7b11e: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_38dbecda: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_39cfa980: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_3f3d9553: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Windows\WER\ReportArchive\NonCritical_7.3.7600.16385_336e7467cbea36121f88643523f5d2b6891fe429_3ff2e228: Access is denied.


.
Failed to open \\?\c:\\Users\All Users\Microsoft\Windows NT\MSFax: Access is denied.





Failed to open \\?\c:\\Users\All Users\Symantec\Common Client\settings.bak: Access is denied.



Failed to open \\?\c:\\Users\All Users\Symantec\Common Client\settings.dat: Access is denied.



Failed to open \\?\c:\\Users\All Users\Symantec\SRTSP\Quarantine: Access is denied.



Failed to open \\?\c:\\Users\All Users\Symantec\SRTSP\SrtETmp: Access is denied.


.
Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\B09FB3AA\90FCD56\ClickOnceSetup.exe: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\7AE27ED1\Translations.xml.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\AppIcon.ico.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\AppMeasurement_DotNET.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.config.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Best Buy pc app.exe.manifest: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\BestBuySoftwareInstaller.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Common.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Common.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\CustomControls.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\FluidKit.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Interop.IWshRuntimeLibrary.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Ionic.Zip.Reduced.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Localization.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.Composite.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.Composite.Presentation.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.Composite.UnityExtensions.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.EnterpriseLibrary.Common.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.EnterpriseLibrary.Logging.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.ObjectBuilder2.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.ServiceLocation.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.Practices.Unity.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.WindowsAPICodePack.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Microsoft.WindowsAPICodePack.Shell.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\pc app Installer.exe.config.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\pc app Installer.exe.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Default.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Default.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Home.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Home.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Omniture.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Omniture.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Omniture.Tests.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Update.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImage.Modules.Update.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImageInfrastructure.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\PCImageInfrastructure.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\Restarter.exe.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\SharpBITS.Base.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\ViewModels.dll.config.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\AFDB8260\ViewModels.dll.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\B6BEAD2D\Best Buy pc app.3.0.0.0.application: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\B6BEAD2D\Best Buy pc app.application: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\B6BEAD2D\ClickOnce.htm: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\BB2F2A4E\About.rtf.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\BB2F2A4E\WelcomeScreen.rtf.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\E8FFBBDC\tempCategories.xml.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\D979B9B\E8FFBBDC\TranslationSchema.xsd.deploy: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\F02487F4\90FCD56\ClickOnceUninstaller.exe: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\mDown.dll\mDownExec.dll: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\mWinRun.dll\mWinRunExec.dll: Access is denied.



Failed to open \\?\c:\\Users\All Users\{FBF3739B-717D-4429-BCEB-98D514E65F29}\OFFLINE\mXML.dll\mXMLRun.dll: Access is denied.


\\?\c:\\Users\Bee\Application Data: JUNCTION
Print Name : C:\Users\Bee\AppData\Roaming
Substitute Name: C:\Users\Bee\AppData\Roaming

\\?\c:\\Users\Bee\Cookies: JUNCTION
Print Name : C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Bee\Local Settings: JUNCTION
Print Name : C:\Users\Bee\AppData\Local
Substitute Name: C:\Users\Bee\AppData\Local

\\?\c:\\Users\Bee\My Documents: JUNCTION
Print Name : C:\Users\Bee\Documents
Substitute Name: C:\Users\Bee\Documents

\\?\c:\\Users\Bee\NetHood: JUNCTION
Print Name : C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Bee\PrintHood: JUNCTION
Print Name : C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Bee\Recent: JUNCTION
Print Name : C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Bee\SendTo: JUNCTION
Print Name : C:\Users\Bee\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Bee\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Bee\Start Menu: JUNCTION
Print Name : C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Bee\Templates: JUNCTION
Print Name : C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Bee\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Bee\AppData\Local
Substitute Name: C:\Users\Bee\AppData\Local

\\?\c:\\Users\Bee\AppData\Local\History: JUNCTION
Print Name : C:\Users\Bee\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Bee\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Bee\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Bee\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Bee\AppData\Local\Microsoft\Windows\Temporary Internet Files

..

...

...

...

...

...

...

...

...

\\?\c:\\Users\Bee\Documents\My Music: JUNCTION
Print Name : C:\Users\Bee\Music
Substitute Name: C:\Users\Bee\Music

\\?\c:\\Users\Bee\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Bee\Pictures
Substitute Name: C:\Users\Bee\Pictures

\\?\c:\\Users\Bee\Documents\My Videos: JUNCTION
Print Name : C:\Users\Bee\Videos
Substitute Name: C:\Users\Bee\Videos



...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Cookies: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

.
Failed to open \\?\c:\\Windows\LiveKernelReports: Access is denied.



Failed to open \\?\c:\\Windows\Minidump: Access is denied.



Failed to open \\?\c:\\Windows\ModemLogs: Access is denied.



Failed to open \\?\c:\\Windows\Prefetch: Access is denied.


..

...

...

...
Failed to open \\?\c:\\Windows\Logs\HomeGroup: Access is denied.



Failed to open \\?\c:\\Windows\Logs\SystemRestore: Access is denied.



Failed to open \\?\c:\\Windows\Logs\CBS\CBS.log: Access is denied.



Failed to open \\?\c:\\Windows\Logs\DPX\setupact.log: Access is denied.



Failed to open \\?\c:\\Windows\Logs\DPX\setuperr.log: Access is denied.




.
Failed to open \\?\c:\\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config: Access is denied.


.
Failed to open \\?\c:\\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config: Access is denied.


.
Failed to open \\?\c:\\Windows\Panther\UnattendGC\diagerr.xml: Access is denied.



Failed to open \\?\c:\\Windows\Panther\UnattendGC\diagwrn.xml: Access is denied.



Failed to open \\?\c:\\Windows\Panther\UnattendGC\setupact.log: Access is denied.



Failed to open \\?\c:\\Windows\Panther\UnattendGC\setuperr.log: Access is denied.



Failed to open \\?\c:\\Windows\PLA\Reports: Access is denied.



Failed to open \\?\c:\\Windows\PLA\Rules: Access is denied.



Failed to open \\?\c:\\Windows\PLA\Templates: Access is denied.



Failed to open \\?\c:\\Windows\PLA\System\System Diagnostics.xml: Access is denied.



Failed to open \\?\c:\\Windows\PLA\System\System Performance.xml: Access is denied.





Failed to open \\?\c:\\Windows\security\audit: Access is denied.



Failed to open \\?\c:\\Windows\security\database\secedit.sdb: Access is denied.



Failed to open \\?\c:\\Windows\ServiceProfiles\LocalService: Access is denied.



Failed to open \\?\c:\\Windows\ServiceProfiles\NetworkService: Access is denied.


...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...
Failed to open \\?\c:\\Windows\System32\config: Access is denied.




.
Failed to open \\?\c:\\Windows\System32\ias: Access is denied.


.
Failed to open \\?\c:\\Windows\System32\Msdtc: Access is denied.



Failed to open \\?\c:\\Windows\System32\NetworkList: Access is denied.


.


Failed to open \\?\c:\\Windows\System32\wdi: Access is denied.



Failed to open \\?\c:\\Windows\System32\wfp: Access is denied.


...

...

...

...

...

.
Failed to open \\?\c:\\Windows\System32\LogFiles\Firewall: Access is denied.



Failed to open \\?\c:\\Windows\System32\LogFiles\HTTPERR: Access is denied.



Failed to open \\?\c:\\Windows\System32\LogFiles\WMI: Access is denied.



Failed to open \\?\c:\\Windows\System32\LogFiles\Fax\Incoming: Access is denied.



Failed to open \\?\c:\\Windows\System32\LogFiles\Fax\Outgoing: Access is denied.


.
Failed to open \\?\c:\\Windows\System32\restore\MachineGuid.txt: Access is denied.


.
Failed to open \\?\c:\\Windows\System32\sysprep\Panther\diagerr.xml: Access is denied.



Failed to open \\?\c:\\Windows\System32\sysprep\Panther\diagwrn.xml: Access is denied.



Failed to open \\?\c:\\Windows\System32\sysprep\Panther\setupact.log: Access is denied.




#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:02 PM

Posted 18 March 2012 - 03:49 PM

Good evening. :)

Do you have access to a flash drive of at least 128 Mb that you can wipe clean for a tool that may help?

So long, and thanks for all the fish.
