
Virus MBAM won't open or delete & IE won't open


  • This topic is locked
27 replies to this topic

#1 gothicpanda


Posted 17 November 2010 - 08:06 PM

I am having a problem with my computer. IE will not open or let me connect to the internet. I can receive emails and get updates from programs like Adobe Flash. I tried to install Malwarebytes, but I receive a CreateFile Error Code 80. I tried to delete the previous version but the file folders were still left. I cannot delete those and I think that is what is causing the error. I am pretty sure I have a virus that is not allowing this. I have Microsoft Security Essentials running and the scan picked up nothing. I used HijackThis to form a log, attached below. Then I found another post listing the procedure, which I started. Once I got to the part of running GMER Rootkit Scanner, it scanned halfway through and my computer restarted, so I was not able to continue. I attached all the logs I was able to get.

Attached File  attach.zip   11.69KB   11 downloads

#2 Elise


Posted 18 November 2010 - 04:05 AM

Hello,
And :)
My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker. Save it to your desktop.
  • Extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#3 gothicpanda


Posted 18 November 2010 - 07:27 PM

Thank you for taking the time to help me! I really appreciate it. I am pretty sure that there is a virus on the computer. Malwarebytes refused to open and I realized that its files were missing. I tried reinstalling it and I could not. mbamext.dll is blocking full deletion and I also have two Malwarebytes folders in my Program Files folder. The other one, when I try to open it, says Access Denied. During reinstallation I get an ErrorCode 80 message. Internet Explorer also refuses to start up but the internet works. Firefox does connect to the internet, which I am currently using.

OTL logfile created on: 11/18/2010 5:51:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\jennifer.scheu\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 53.28 Gb Free Space | 76.36% Space Free | Partition Type: NTFS

Computer Name: JENNIFERPC | User Name: Jennifer.Scheu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 17:50:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer.scheu\Desktop\OTL.exe
PRC - [2010/10/27 00:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\firefox.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/14 13:06:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/09/12 19:38:32 | 000,339,968 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
PRC - [2006/06/28 18:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
PRC - [2006/04/18 20:54:50 | 000,049,152 | ---- | M] ( ) -- C:\WINDOWS\system32\SysMonitor.exe
PRC - [2004/08/11 01:22:40 | 000,757,760 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe


========== Modules (SafeList) ==========

MOD - [2010/11/18 17:50:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer.scheu\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\KGCServ\remotecontrol\winvnc.exe -- (winvnc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Kyocera\FileUtility\SFUSVC.exe -- (SFUSVC)
SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/14 13:06:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006/06/28 18:01:32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/28 17:32:30 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 05:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/12/10 16:59:36 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/12/10 16:59:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2007/12/10 16:59:34 | 000,014,120 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006/11/07 03:35:00 | 000,047,488 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3xx USB Smart Card Reader)
DRV - [2006/08/27 20:30:04 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2006/06/08 18:54:24 | 000,017,664 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2006/06/06 19:36:30 | 000,090,112 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.coveny.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...;m=veriton_m460


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.coveny.com
IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...006&form=ZGAPHP
IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.mywebsea...MU28qOlq5uj_m5Q
IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.fastbrows...E7E3912833}&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\components [2010/11/15 20:41:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\plugins [2010/11/15 20:41:53 | 000,000,000 | ---D | M]

[2009/06/15 13:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Extensions
[2010/11/16 21:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\extensions
[2010/11/16 21:58:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/17 12:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/10/07 12:41:54 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\searchplugins\bing-zugo.xml
[2010/08/17 12:52:31 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\searchplugins\inbox-search.xml
[2010/06/17 11:35:38 | 000,010,025 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\searchplugins\mywebsearch.xml

O1 HOSTS File: ([2009/05/14 11:53:29 | 000,306,127 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 70.89.213.203 ocsinventory-ng
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10540 more lines...
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.
O3 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe ( )
O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe ( )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scanner File Utility.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O7 - HKU\S-1-5-21-6269425-2005813812-3536144309-1112\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %windir%\Resources\Themes\Luna\luna.msstyles (Microsoft)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PRESTIGE.COVENY.COM
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\covenylogo.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\covenylogo.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/28 16:56:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 17:50:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jennifer.scheu\Desktop\OTL.exe
[2010/11/16 22:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.scheu\Application Data\WinRAR
[2010/11/16 22:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/16 22:24:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/16 21:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/15 20:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox
[2010/11/15 19:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennifer.scheu\Application Data\Auslogics
[2010/11/15 19:51:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennifer.scheu\Recent
[2010/11/15 19:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/11/15 19:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2010/11/15 19:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/11/15 19:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/09 16:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/11/09 16:50:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/11/09 16:50:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2009/05/12 14:26:30 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\INTEROP.IWSHRUNTIMELIBRARY.DLL
[2006/05/25 19:18:48 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 17:50:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jennifer.scheu\Desktop\OTL.exe
[2010/11/18 17:49:39 | 000,020,480 | ---- | M] () -- C:\EasyShare.me
[2010/11/18 17:49:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/18 17:49:16 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/18 17:46:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 22:35:19 | 000,011,966 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\attach.zip
[2010/11/16 22:34:37 | 001,438,216 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\wrar40b1.exe
[2010/11/16 22:18:25 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\s5tchcrv.exe
[2010/11/16 22:14:35 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\dds.scr
[2010/11/16 22:14:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\defogger_reenable
[2010/11/16 22:11:59 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\Defogger.exe
[2010/11/16 21:57:00 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Desktop\HiJackThis.lnk
[2010/11/15 20:43:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 20:41:55 | 000,002,184 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/15 20:41:55 | 000,002,166 | ---- | M] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/11 03:01:13 | 000,522,282 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/11 03:01:13 | 000,096,694 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/10 13:28:06 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ShowingDesk Web Edition.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/16 22:35:19 | 000,011,966 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\attach.zip
[2010/11/16 22:34:37 | 001,438,216 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\wrar40b1.exe
[2010/11/16 22:18:25 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\s5tchcrv.exe
[2010/11/16 22:14:35 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\dds.scr
[2010/11/16 22:14:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\defogger_reenable
[2010/11/16 22:11:58 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\Defogger.exe
[2010/11/16 21:56:56 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Desktop\HiJackThis.lnk
[2010/11/15 20:41:55 | 000,002,184 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/15 20:41:55 | 000,002,166 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/19 11:38:23 | 000,775,696 | ---- | C] () -- C:\Program Files\Uninstall Fun Web Products.dll
[2010/05/27 10:22:32 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/11 10:15:56 | 000,038,480 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Application Data\Microsoft Excel.ADR
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 13:53:03 | 000,000,353 | ---- | C] () -- C:\WINDOWS\CAPTURE1.INI
[2009/05/21 10:53:03 | 000,000,175 | ---- | C] () -- C:\WINDOWS\nscatch.ini
[2009/05/14 11:34:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/14 11:22:17 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\jennifer.scheu\Local Settings\Application Data\fusioncache.dat
[2009/05/13 15:33:47 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini
[2009/05/12 15:51:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/03 11:18:04 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/08/28 17:57:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/28 17:33:10 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/08/28 17:32:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/08/28 17:32:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/08/28 17:32:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2008/08/28 16:56:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/19 10:10:52 | 000,000,113 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2007/03/30 15:44:18 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2006/08/27 20:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2006/05/25 19:18:48 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2005/10/25 09:25:28 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/03 23:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/02/27 09:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 09:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 09:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1998/12/08 18:09:44 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1998/12/08 18:09:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1998/12/08 18:09:44 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\lffpx90n.dll
[1996/04/01 11:00:00 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\CAPTURE2.INI

========== LOP Check ==========

[2009/05/14 11:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AgentOffice
[2009/05/13 15:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2009/06/11 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SentriLock
[2009/05/27 09:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/27 09:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\acccore
[2010/04/06 09:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Amazon
[2010/11/15 19:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Auslogics
[2010/01/11 10:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Blackberry Desktop
[2009/07/14 14:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Research In Motion
[2009/06/11 11:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\SentriLock
[2009/08/13 09:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\TeamViewer
[2009/05/21 11:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennifer.scheu\Application Data\Windows Search
[2009/11/04 08:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TeamViewer

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 11/18/2010 5:51:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\jennifer.scheu\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 53.28 Gb Free Space | 76.36% Space Free | Partition Type: NTFS

Computer Name: JENNIFERPC | User Name: Jennifer.Scheu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- File not found
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03792636-ED5B-4CD3-A93B-19BC2C18F8F8}" = Sentrilock Card Utility
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{2BDAE5C3-4CC3-4281-8129-7549B1D1CCA3}" = ShowingDesk Web Edition
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}" = commercial
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{61C79AE1-5403-4687-AC68-28BFA5EF3895}" = Kyocera Scanner File Utility
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8D8DE8D1-95CF-4C63-84B0-3EE3A7FA7C20}" = TrueForms 4.5 for FNF
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{956A6D4F-B297-4E08-A39E-C00FFDB7826F}" = Intellisync for FNF
"{96009644-514C-47DD-BE49-6D93C7FCFFA3}" = BlackBerry Desktop Software 4.1.1
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B62B8B9A-6CB7-47D1-9A29-395EC0BFA60C}" = AgentOffice
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C9BB218C-2D4B-4FF4-97E2-2C7E3D1B2679}" = Acer eProtection
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"BlackBerry_{96009644-514C-47DD-BE49-6D93C7FCFFA3}" = BlackBerry Desktop Software 4.1.1
"C4B4D7F5499921DF57A4F6B55E59E0F50C2FE298" = Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader) SmartCardReader (11/07/2006 4.35.00.01)
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{B62B8B9A-6CB7-47D1-9A29-395EC0BFA60C}" = AgentOffice 10.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OcaHistoryUpd" = OCA Client history tool install
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 beta 1 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2010 9:04:08 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 11/17/2010 9:04:39 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 11/18/2010 7:46:38 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 11/18/2010 7:46:40 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 11/18/2010 7:46:40 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 11/18/2010 7:46:40 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 11/18/2010 7:46:40 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 11/18/2010 7:47:16 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Access is
denied.

Error - 11/18/2010 7:49:02 PM | Computer Name = JENNIFERPC | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/18/2010 7:49:03 PM | Computer Name = JENNIFERPC | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7016
Description = The WebClient service has reported an invalid current state 87.

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7022
Description = The WebClient service hung on starting.

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7000
Description = The SFUSVC service failed to start due to the following error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%5

Error - 11/18/2010 7:49:24 PM | Computer Name = JENNIFERPC | Source = Service Control Manager | ID = 7000
Description = The VNC Server service failed to start due to the following error:
%%5


< End of report >

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9824000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA92CB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9600000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA93B0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8CDE000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA85A7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB97B1000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 225280 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB96FE000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8E9E000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7411000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA933B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB97E8000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA9388000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF74B2000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB978D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9756000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA943C000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xA9366000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF747A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF787D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF749A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA928B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7451000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB973F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8A84000 C:\WINDOWS\system32\eLock2FSCTLDriver.sys 90112 bytes (Windows ® 2000 DDK provider, eLock2FSCTLDriver Filter Driver)
0xB9779000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9810000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA9409000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF743E000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF7468000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB972E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7687000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7537000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7557000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7527000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA756000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7567000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7517000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF74F7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA706000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7547000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7507000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA766000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA786000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7577000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA796000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA716000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA8904000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA726000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77D7000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB9DDA000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77BF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB9DF2000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF77FF000 C:\WINDOWS\system32\drivers\int15.sys 28672 bytes (Acer, Inc., int 15)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77C7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77CF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77B7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB9DEA000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77AF000 C:\WINDOWS\system32\eLock2BurnerLockDriver.sys 20480 bytes (Windows ® 2000 DDK provider, eLock2BurnerLockDriver)
0xB9DE2000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7717000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77EF000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
==============================================
>Stealth
==============================================

#4 Elise

Posted 19 November 2010 - 02:30 AM

Hi again, let's first see what the following scan turns up.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


#5 gothicpanda

Posted 19 November 2010 - 05:19 PM

The scan did not show anything. I guess this could be either good or bad.

2010/11/19 16:19:33.0031 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/19 16:19:33.0031 ================================================================================
2010/11/19 16:19:33.0031 SystemInfo:
2010/11/19 16:19:33.0031
2010/11/19 16:19:33.0031 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/19 16:19:33.0031 Product type: Workstation
2010/11/19 16:19:33.0031 ComputerName: JENNIFERPC
2010/11/19 16:19:33.0031 UserName: Jennifer.Scheu
2010/11/19 16:19:33.0031 Windows directory: C:\WINDOWS
2010/11/19 16:19:33.0031 System windows directory: C:\WINDOWS
2010/11/19 16:19:33.0031 Processor architecture: Intel x86
2010/11/19 16:19:33.0031 Number of processors: 2
2010/11/19 16:19:33.0031 Page size: 0x1000
2010/11/19 16:19:33.0031 Boot type: Normal boot
2010/11/19 16:19:33.0031 ================================================================================
2010/11/19 16:19:33.0218 Initialize success
2010/11/19 16:19:40.0046 ================================================================================
2010/11/19 16:19:40.0046 Scan started
2010/11/19 16:19:40.0046 Mode: Manual;
2010/11/19 16:19:40.0046 ================================================================================
2010/11/19 16:19:47.0593 ================================================================================
2010/11/19 16:19:47.0593 Scan finished
2010/11/19 16:19:47.0593 ================================================================================
2010/11/19 16:21:23.0343 ================================================================================
2010/11/19 16:21:23.0343 Scan started
2010/11/19 16:21:23.0343 Mode: Manual;
2010/11/19 16:21:23.0343 ================================================================================
2010/11/19 16:21:30.0250 ================================================================================
2010/11/19 16:21:30.0250 Scan finished
2010/11/19 16:21:30.0250 ================================================================================

#6 Elise

Posted 20 November 2010 - 02:07 AM

Yes, it usually is a good sign when a rootkit detector doesn't find anything. :)

COMBOFIX
---------------
Please download ComboFix from one of these locations: Bleepingcomputer, ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


#7 gothicpanda

Posted 20 November 2010 - 08:39 AM

ComboFix did delete some things so I take it that we are getting closer to a cleaner system :)
By the way thanks again for helping me :)
Here's the log:

ComboFix 10-11-19.04 - Jennifer.Scheu 11/20/2010 7:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1643 [GMT -6:00]
Running from: c:\documents and settings\jennifer.scheu\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Fast Browser Search
c:\program files\SelectRebates
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\Uninstall Fun Web Products.dll
C:\restore
c:\windows\system32\twain.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))
.

2010-11-17 03:56 . 2010-11-17 03:56 388096 ----a-r- c:\documents and settings\jennifer.scheu\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-17 03:56 . 2010-11-17 03:56 -------- d-----w- c:\program files\Trend Micro
2010-11-16 02:41 . 2010-11-16 02:41 -------- d-----w- c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox
2010-11-16 02:07 . 2010-10-07 21:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54DFC9AB-35BF-4E92-96A7-7D01346A9A56}\mpengine.dll
2010-11-16 01:55 . 2010-11-16 01:55 -------- d-----w- c:\documents and settings\jennifer.scheu\Application Data\Auslogics
2010-11-16 01:28 . 2010-11-16 02:57 -------- d-----w- c:\program files\Unlocker
2010-11-16 01:21 . 2010-11-16 01:23 -------- d-----w- c:\program files\Malwarebytes
2010-11-16 01:19 . 2010-11-16 01:19 -------- d-----w- c:\program files\Auslogics
2010-11-16 01:18 . 2010-11-16 01:18 -------- d-----w- c:\program files\CCleaner
2010-11-09 22:52 . 2010-11-09 22:52 -------- d-----w- c:\program files\Microsoft.NET
2010-11-09 22:50 . 2010-11-09 22:50 -------- d-----w- c:\windows\system32\winrm
2010-11-09 22:50 . 2010-11-09 22:50 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-11-09 22:29 . 2010-10-07 21:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-10-03 08:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 17:23 . 2006-12-14 13:45 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-11-01 19:17 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-08-04 05:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 05:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-09 22:52 . 2010-10-15 18:55 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{961E199B-B4E3-479A-BB2E-1BA226A5F40E}\mpengine.dll
2010-09-09 22:52 . 2009-05-14 17:44 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-09-09 13:38 . 2007-04-18 12:46 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 05:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 05:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 05:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-04 05:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 05:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2007-03-08 13:47 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2005-10-17 21:14 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-12-07 19:32 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2005-05-10 00:17 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-05-13 08:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 05:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2006-2-24 1085534]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-8-11 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [6/8/2006 6:54 PM 17664]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [6/6/2006 7:36 PM 90112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p --> c:\acer\Empowering Technology\eLock\LockServ.exe -p [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [6/11/2009 10:59 AM 47488]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/3/2004 11:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z006&form=ZGAPHP
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=0&o=xpp&d=0509&m=veriton_m460
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\jennifer.scheu\Application Data\Mozilla\Firefox\Profiles\vrpe5dip.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={980235C4-5205-BE07-A40B-38E7E3912833}&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\documents and settings\jennifer.scheu\Local Settings\Application Data\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
AddRemove-InstallShield_{B62B8B9A-6CB7-47D1-9A29-395EC0BFA60C} - c:\program files\InstallShield Installation Information\{B62B8B9A-6CB7-47D1-9A29-395EC0BFA60C}\setup.exe
AddRemove-{61C79AE1-5403-4687-AC68-28BFA5EF3895} - c:\program files\InstallShield Installation Information\{61C79AE1-5403-4687-AC68-28BFA5EF3895}\setup.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-11-20 07:40:30
ComboFix-quarantined-files.txt 2010-11-20 13:40

Pre-Run: 57,182,519,296 bytes free
Post-Run: 57,755,500,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1974B10A39959FF51C92F8E396D6853C

#8 Elise

Posted 20 November 2010 - 08:57 AM

Please see if you now can install/run MBAM.
regards, Elise


#9 gothicpanda

Posted 20 November 2010 - 12:28 PM

MBAM still refuses to install. When I install into C:\Program Files\Malwarebytes' Anti-Malware\ folder like it defaults to, I get ErrorCode 80 can not install because the file already exists. When I tried to install to a different folder I got another error saying Error 183 Can not create in directory because file already exists in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\config.dat

I can not delete any Malwarebytes folders or access them. It says Access Denied at anything. Internet Explorer also still refuses to open.

#10 Elise

Posted 20 November 2010 - 12:34 PM

Let's see if we can find out why.

First, try to uninstall using mbam-clean.exe

When done, restart once, then try to install it.
regards, Elise


#11 gothicpanda

Posted 20 November 2010 - 01:18 PM

No luck. The folders are still there and are still blocking the installation. I get all of the same error messages for whatever I try.

#12 Elise

Posted 20 November 2010 - 01:31 PM

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.
regards, Elise


#13 gothicpanda

Posted 20 November 2010 - 01:47 PM

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\downloads: Access is denied.



Failed to open \\?\c:\\install.rdf: Access is denied.



Failed to open \\?\c:\\KGCServ: Access is denied.



Failed to open \\?\c:\\mbam-error.txt: Access is denied.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\RECYCLER: Access is denied.



Failed to open \\?\c:\\remotecontrol: Access is denied.



Failed to open \\?\c:\\users: Access is denied.



Failed to open \\?\c:\\usr: Access is denied.



Failed to open \\?\c:\\Acer\GInstall.log: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\AfscComm.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\AfscInst.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eRecovery: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\int15.sys: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\Threshold.xml: Access is denied.


.
Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.eSettings.Interfaces.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.eSettings.Model.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.eSettings.Plugin.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.eSettings.Presenter.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.eSettings.Views.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.Framework.Interface.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.Shared.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.Shared.UI.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Acer.Empowering.Windows.Forms.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\awcomm.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\CPUID.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eportd.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-cs.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-da.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-de.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-el.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-en.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-es.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-fi.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-fr.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-hu.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-it.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-ja.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-nl.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-no.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-pl.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-pt.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-ru.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-sv.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-tr.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-zh-CHS.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings-zh-CHT.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings.chm: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings.cur: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings.exe: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettingsConfig.xml: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\eSettings_forbid.cur: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\INT15.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\Interop.Shell32.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ITEIO.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ITEIO.H: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ITEIO.LIB: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\log4net.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ntport.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\RELEASE NOTE.TXT: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ScrollBarLib.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ServiceControl.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\TVicPort.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ZNTPORT.SYS: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\cs\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\cs\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\cs\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\da\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\da\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\da\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\de\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\de\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\de\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\el\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\el\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\el\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\es\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\es\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\es\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fi\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fi\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fi\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fr\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fr\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\fr\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\hu\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\hu\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\hu\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\it\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\it\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\it\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ja\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ja\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\ja\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\nl\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\nl\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\nl\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\no\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\no\Acer.Empowering.eSettings.Presenter.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\no\Acer.Empowering.eSettings.Views.resources.dll: Access is denied.



Failed to open \\?\c:\\Acer\Empowering Technology\eSettings\pl\Acer.Empowering.eSettings.Plugin.resources.dll: Access is denied.




\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790


\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

...
Failed to open \\?\c:\\WINDOWS\Debug\Setup: Access is denied.



Failed to open \\?\c:\\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe: Access is denied.



Failed to open \\?\c:\\WINDOWS\Downloaded Program Files\install.log: Access is denied.



Failed to open \\?\c:\\WINDOWS\Downloaded Program Files\swflash.inf: Access is denied.



Failed to open \\?\c:\\WINDOWS\Downloaded Program Files\unagiuninst.exe: Access is denied.



Failed to open \\?\c:\\WINDOWS\Downloaded Program Files\WBEtoolsAX.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\ehome\medctrro.cmd: Access is denied.



Failed to open \\?\c:\\WINDOWS\Fonts\10249.ttf: Access is denied.



Failed to open \\?\c:\\WINDOWS\Fonts\10267.ttf: Access is denied.



Failed to open \\?\c:\\WINDOWS\Fonts\10268.ttf: Access is denied.



Failed to open \\?\c:\\WINDOWS\Fonts\10269.ttf: Access is denied.




\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492

.\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5

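A triage helper for scan output of the kind posted above, as an added example that is not part of the original thread or of any tool used in it: it groups the "Access is denied" failures by folder and pairs each junction with its target. The sample lines are constructed in the log's format; the function names and the `Example` paths are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the same shape as the scan output posted in this thread.
SAMPLE = r"""
Failed to open \\?\c:\\WINDOWS\Fonts\10370.ttf: Access is denied.
Failed to open \\?\c:\\WINDOWS\Fonts\10695.ttf: Access is denied.
Failed to open \\?\c:\\WINDOWS\Help\wmp11.chm: Access is denied.
..
\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_32\Example\v4.0: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_Example
Substitute Name: C:\WINDOWS\WinSxS\x86_Example
.\\?\c:\\Example\Link: JUNCTION
Print Name : D:\Elsewhere
Substitute Name: D:\Elsewhere
"""

# Progress dots can be fused onto the start of a record, so allow them.
DENIED = re.compile(r"^\.*Failed to open (.+): Access is denied\.$")
JUNCTION = re.compile(r"^\.*(\\\\\?\\.+): JUNCTION$")
TARGET = re.compile(r"^Substitute Name\s*:\s*(.+)$")

def normalize(path):
    # Drop the long-path prefix, collapse doubled backslashes, lowercase.
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return re.sub(r"\\{2,}", r"\\", path).lower()

def parse(log):
    # Returns (Counter of denied opens per folder, list of (junction, target)).
    denied, junctions, pending = Counter(), [], None
    for line in log.splitlines():
        line = line.strip()
        if m := DENIED.match(line):
            denied[normalize(m.group(1)).rsplit("\\", 1)[0]] += 1
        elif m := JUNCTION.match(line):
            pending = normalize(m.group(1))
        elif (m := TARGET.match(line)) and pending:
            junctions.append((pending, normalize(m.group(1))))
            pending = None
    return denied, junctions

def outside(junctions, root):
    # Junctions whose target is not under the given root; worth a manual look.
    return [(src, dst) for src, dst in junctions if not dst.startswith(root)]

if __name__ == "__main__":
    denied, junctions = parse(SAMPLE)
    for folder, count in denied.most_common():
        print(f"{count:5d} denied  {folder}")
    for src, dst in outside(junctions, "c:\\windows\\"):
        print(f"junction {src} -> {dst}")
```

Folders with many denied opens are the ones whose permissions need resetting; a junction pointing outside the expected tree is a separate item to review.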

#14 Elise


Posted 20 November 2010 - 02:26 PM

Do you have any other user accounts on this computer (with administrator permissions) and can you access those files/folders from there?
regards, Elise



#15 gothicpanda


Posted 20 November 2010 - 02:30 PM

I do not. I can not even access the administrator that is default created through Safe Mode. I can not enter safe mode. I'll try to create a new user account and delete the Malwarebytes folders from there. Only try to delete the Malwarebytes folders, correct?

#16 gothicpanda


Posted 20 November 2010 - 02:40 PM

I tried creating a new user but that also failed. I was able to create one but when I tried to log off from the current user I got logged back onto the main user. I then restarted the computer to see if more users would show up and I got logged straight into the main user.

#17 Elise


Posted 21 November 2010 - 02:27 AM

Let's see if the following will work.

We need to reset the permissions altered by the malware on a file.
  • Download this tool and save it to the desktop: http://download.blee...xes/Inherit.exe
  • Go to Start => Run => Copy and paste the first line of the following lines in the run box and click OK:

    "%userprofile%\desktop\inherit" "c:\WINDOWS"
    "%userprofile%\desktop\inherit" "c:\Program Files"
    "%userprofile%\desktop\inherit" "c:\Acer"
    "%userprofile%\desktop\inherit" "c:\Users"

  • If you get a security warning select Run.
  • You will get a "Finish" popup. Click OK.

regards, Elise



#18 gothicpanda


Posted 21 November 2010 - 05:03 PM

Alright, I followed the instructions and got the Finish popup. What should I do next? I can not delete the file still or install MBAM. Internet Explorer works now though so that is a good sign.

#19 Elise


Posted 22 November 2010 - 02:13 AM

Please drag/drop the file and/or folder in question on inherit.exe. That should restore permissions.
regards, Elise



#20 gothicpanda


Posted 22 November 2010 - 07:45 PM

Awesome! Thank you so much! I was able to install MBAM and scan the computer. It found a few malware and now the computer runs perfect.



